Sciweavers

VEE
2006
ACM

Secure and practical defense against code-injection attacks using software dynamic translation

14 years 5 months ago
Secure and practical defense against code-injection attacks using software dynamic translation
One of the most common forms of security attacks involves exploiting a vulnerability to inject malicious code into an executing application and then cause the injected code to be executed. A theoretically strong approach to defending against any type of code-injection attack is to create and use a process-specific instruction set that is created by a randomization algorithm. Code injected by an attacker who does not know the randomization key will be invalid for the randomized processor effectively thwarting the attack. This paper describes a secure and efficient implementation of instruction-set randomization (ISR) using software dynamic translation. The paper makes three contributions beyond previous work on ISR. First, we describe an implementation that uses a strong cipher algorithm—the Advanced Encryption Standard (AES), to perform randomization. AES is generally believed to be impervious to known attack methodologies. Second, we demonstrate that ISR using AES can be implemente...
Wei Hu, Jason Hiser, Daniel Williams, Adrian Filip
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006
Where VEE
Authors Wei Hu, Jason Hiser, Daniel Williams, Adrian Filipi, Jack W. Davidson, David Evans, John C. Knight, Anh Nguyen-Tuong, Jonathan C. Rowanhill
Comments (0)