Randomized instruction set emulation to disrupt binary code injection attacks

Publication type: Conference Paper

Published in: Proceedings of the 10th ACM conference on Computer and communications security

  • Barrantes, Elena Gabriela
  • Ackley, David H
  • Palmer, Trek S
  • Stefanovic, Darko
  • Zovi, Dino Dai

CITIC researchers associated with the publication
Dr. E. Gabriela Barrantes Sliesarieva

Project associated with the publication
Umbrella project

Keywords
  • Automated Diversity
  • Emulation
  • Information Hiding
  • Language Randomization
  • Obfuscation
  • Security

Binary code injection into an executing program is a common form of attack. Most current defenses against this form of attack use a 'guard all doors' strategy, trying to block the avenues by which execution can be diverted. We describe a complementary method of protection, which disrupts foreign code execution regardless of how the code is injected. A unique and private machine instruction set for each executing program would make it difficult for an outsider to design binary attack code against that program and impossible to use the same binary attack code against multiple machines. As a proof of concept, we describe a randomized instruction set emulator (RISE), based on the open-source Valgrind x86-to-x86 binary translator. The prototype disrupts binary code injection attacks against a program without requiring its recompilation, linking, or access to source code. The paper describes the RISE implementation and its limitations, gives evidence demonstrating that RISE defeats common attacks, considers how the dense x86 instruction set affects the method, and discusses potential extensions of the idea.


Bibliographic data
Bibliographic citation
Randomized instruction set emulation to disrupt binary code injection attacks