Lukas Maar loves climbing. Mostly in large groups. “We sit together in front of the wall for a very long time, look at our respective strengths and weaknesses and plan individual routes up to our common goal at the top,” he explains. His private hobby is not dissimilar to his day job. He tries to penetrate operating systems in various ways, exploit vulnerabilities and gain the widest possible access rights.
The PhD candidate at the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) is primarily concerned with kernel security, i.e. he analyses the core of a computer system to find ways to take it over. He has just presented an extensive attack on Linux systems and a study on the security of the Linux-based Android operating system on mobile phones at the renowned Usenix conference in the USA. “Linux is one of the most important basic applications for operating systems – including Android – and is used on most servers. And of course a big advantage is that it is open source and anyone can develop on it,” he says, explaining his interest. The vulnerabilities and attack points found are then passed on to the international development community so that they can be closed or made more difficult to exploit. In this way, researchers at TU Graz are working together with the globally networked research community to increase computer security.
SLUBStick
The attack variant he investigated has been known for some time, but had been previously deemed unreliable and impractical. “Linux works with many defence mechanisms that are difficult to break through. And although there are more and more security gaps in the system, they are becoming increasingly difficult to exploit due to the increased security precautions,” he explains. More difficult yes, but not impossible. In an operating system, the data that can be viewed by all users and the data that is critical to security are usually separated from each other. An attack that can circumvent this separation was developed back in 2015. However, because the operating system crashed in a good 40 per cent of cases, thus negating the entire attack, it was considered unreliable. However, Maar and his colleagues have now found a way to carry out this attack in a stable manner. “Which is of course a very big problem for the security of the system,” he adds. But the team went one step further. They then attacked the page table, which links the virtual addresses of a file with the physical addresses. “If I can intrude there, then I can access the entire memory and modify data – turning myself from a normal user into an administrator with extensive access rights, for example,” says Maar, explaining the seriousness of the attack.
You can read the second analysis of the security of Android smartphones here: Numerous Manufacturers Use Insecure Android Kernels
Winding path to computer security
What he finds exciting about this work is that there is not just one way to find a solution, but many. His path to computer science also took him down several different routes. He began studying electrical engineering in 2014 and added a computer science degree in 2017. After completing both Bachelor’s degrees, he decided in favour of electrical engineering for his Master’s degree and dedicated himself to kernel security in selected courses. He started his PhD with computer security expert Stefan Mangard in computer science and plans to complete it next year.
Today, he not only works on uncovering security vulnerabilities, but also on developing defence strategies. “This will also be important to me in the future. I want to continue my research and do practical work on making systems more secure and gaps more difficult to exploit.”
This research project is anchored in the Field of Expertise ‘Information, Communication & Computing’, one of five strategic focus areas at TU Graz.
You can find more research news on Planet research. You can receive monthly updates from the world of science at TU Graz via the research newsletter TU Graz research monthly.
