ACSAC
2006
IEEE

Known/Chosen Key Attacks against Software Instruction Set Randomization

Instruction Set Randomization (ISR) has been proposed as a form of defense against binary code injection into an executing program. One proof-of-concept implementation is Randomized Instruction Set Emulator (RISE), based on the open-source Valgrind IA-32 to IA-32 binary translator. Although RISE is effective against attacks that are not RISE-aware, it is vulnerable to pure data and hybrid data-code attacks that target its data, as well as to some classes of brute-force guessing. In order to enable the design of a production version, we describe implementation-specific and generic vulnerabilities that can be used to overcome RISE in its current form. We present and discuss attacks and solutions in three categories: known-key attacks that rely on the key being leaked and then used to pre-scramble the attacking code; chosen-key attacks that use implementation weaknesses to allow the attacker to define its own key, or otherwise affect key generation; and key-guessing ("brute-force") attack...
Yoav Weiss, Elena Gabriela Barrantes
Type Conference
Year 2006
Where ACSAC
Authors Yoav Weiss, Elena Gabriela Barrantes