Randomized instruction set emulation to disrupt binary code injection attacks

Title: Randomized instruction set emulation to disrupt binary code injection attacks
Publication Type: Conference Paper
Year of Publication: 2003
Authors: Barrantes, E. Gabriela; Ackley, D. H.; Palmer, T. S.; Stefanovic, D.; Zovi, D. Dai
Conference Name: Proceedings of the 10th ACM conference on Computer and communications security
Date Published: 10/2003
Conference Location: Washington D.C., USA
ISBN Number: 1-58113-738-9
Keywords: Automated Diversity, Emulation, Information Hiding, Language Randomization, Obfuscation, Security

Binary code injection into an executing program is a common form of attack. Most current defenses against this form of attack use a 'guard all doors' strategy, trying to block the avenues by which execution can be diverted. We describe a complementary method of protection, which disrupts foreign code execution regardless of how the code is injected. A unique and private machine instruction set for each executing program would make it difficult for an outsider to design binary attack code against that program and impossible to use the same binary attack code against multiple machines. As a proof of concept, we describe a randomized instruction set emulator (RISE), based on the open-source Valgrind x86-to-x86 binary translator. The prototype disrupts binary code injection attacks against a program without requiring its recompilation, linking, or access to source code. The paper describes the RISE implementation and its limitations, gives evidence demonstrating that RISE defeats common attacks, considers how the dense x86 instruction set affects the method, and discusses potential extensions of the idea.