Sciweavers

CCS
2003
ACM

Countering code-injection attacks with instruction-set randomization

14 years 5 months ago
Countering code-injection attacks with instruction-set randomization
We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoff’s principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that randomized processor, causing a runtime exception. To determine the difficulty of integrating support for the proposed mechanism in the operating system, we modified the Linux kernel, the GNU binutils tools, and the bochs-x86 emulator. Although the performance penalty is significant, our prototype demonstrates the feasibility of the approach, and should be directly usable on a suitable-modified processor (e.g., the Transmeta Crusoe). Our approach is equally applicable against code-injecting attacks in scripting and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modi...
Gaurav S. Kc, Angelos D. Keromytis, Vassilis Preve
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CCS
Authors Gaurav S. Kc, Angelos D. Keromytis, Vassilis Prevelakis
Comments (0)