My bachelor thesis

The main idea

Security is one of today’s most important topics in information technology. Every day new vulnerabilities get discovered in user software or even operating systems. My bachelor thesis shows a way to spy on user behavior by attacking Shared Libraries.


A library is a collection of functions. A Shared Library is a library that is shared among processes. But what does sharing mean in this context? When a program is executed, its code has to be copied into the machine's main memory. When the program depends on libraries, they have to be copied into memory too. In a modern operating system there are many processes running at the same time. When some of them need the same library, it is sufficient to copy that library into memory just once. Since all of these processes now use the exact same copy of that library, the library is being shared.

Now when a process uses a Shared Library, a malicious process is able to share it with the victim. Doing so, it can then observe when and how the library is used. This is how user behavior can be observed. Even high-frequency events such as keystrokes could be monitored.
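To see which libraries are actually shared between processes on a Linux system, and therefore where this kind of observation applies, the mappings listed in /proc/<pid>/maps can be compared across processes. The following is an added example, not code from the thesis; the sample maps text, PIDs and paths are constructed, and only non-writable file-backed mappings are counted because writable private pages are copied on write.

```python
# Added example: find file-backed mappings that several processes share.
import re
from collections import defaultdict

# Constructed sample in /proc/<pid>/maps format (pid -> maps text); not real output.
SAMPLE_MAPS = {
    1201: """\
55d0c2a00000-55d0c2a21000 r-xp 00000000 08:01 131090 /usr/bin/editor
7f3a10000000-7f3a10180000 r-xp 00028000 08:01 262301 /usr/lib/libgtk-3.so.0
7f3a10180000-7f3a10190000 rw-p 001a8000 08:01 262301 /usr/lib/libgtk-3.so.0
7f3a20000000-7f3a20021000 rw-p 00000000 00:00 0 [heap]
""",
    1377: """\
5601aa000000-5601aa008000 r-xp 00000000 08:01 131555 /usr/bin/viewer
7f9b40000000-7f9b40180000 r-xp 00028000 08:01 262301 /usr/lib/libgtk-3.so.0
""",
    1402: """\
563c11000000-563c11010000 r-xp 00000000 08:01 131777 /usr/bin/daemon
7f11c0000000-7f11c0150000 r-xp 00022000 08:01 262144 /usr/lib/libc.so.6
""",
}

LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

def shared_mappings(maps_by_pid):
    """Return {path: sorted pids} for read-only file mappings held by >1 process."""
    owners = defaultdict(set)   # (device, inode) -> pids mapping that file
    names = {}
    for pid, text in maps_by_pid.items():
        for line in text.splitlines():
            m = LINE.match(line.strip())
            if not m or m["inode"] == "0":   # skip anonymous memory (heap, stack)
                continue
            if "w" in m["perms"]:            # writable private pages are copy-on-write
                continue
            key = (m["dev"], m["inode"])     # same file on disk => same cached pages
            owners[key].add(pid)
            names[key] = m["path"]
    return {names[k]: sorted(p) for k, p in owners.items() if len(p) > 1}

if __name__ == "__main__":
    for path, pids in shared_mappings(SAMPLE_MAPS).items():
        print(f"{path}: shared by PIDs {pids}")
```

On a live system the same function can be fed the contents of each readable /proc/<pid>/maps file instead of the constructed sample.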

Highlights

One of the most interesting highlights was our poster session. We had a lot of pizza and a few good discussions. kcposch blogged about that event too. His impressions can be found at https://kcposch.wordpress.com/2015/03/06/bacheloriaik-2015-first-results-public/. This is what my poster looks like:

[Image: thesis poster]

The programming part of my work was pretty straightforward. It took me a few days to explore the possibilities of attacking Shared Memory. It turned out that flushing the Shared Memory efficiently after each observation is far more complicated than observing it. So far, we haven't found a (practical) way to do so. All in all, my thesis was a very nice experience. It helped me to gain a deeper understanding of some very basic concepts of modern operating systems and how to find exploits.
