Countering code-injection attacks with instruction-set randomization

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Countering code-injection attacks with instruction-set randomization

Full text

Pdf (146 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 10th ACM conference on Computer and communications security table of contents

Washington D.C., USA

SESSION: Intrusion detection table of contents

Pages: 272 - 280

Year of Publication: 2003

ISBN:1-58113-738-9

Authors

Gaurav S. Kc	Columbia University
Angelos D. Keromytis	Columbia University
Vassilis Prevelakis	Drexel University

Sponsor

ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 37, Downloads (12 Months): 200, Citation Count: 39

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/948109.948146 What is a DOI?

ABSTRACT

We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoff's principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that randomized processor, causing a runtime exception. To determine the difficulty of integrating support for the proposed mechanism in the operating system, we modified the Linux kernel, the GNU binutils tools, and the bochs-x86 emulator. Although the performance penalty is significant, our prototype demonstrates the feasibility of the approach, and should be directly usable on a suitable-modified processor (e.g., the Transmeta Crusoe).Our approach is equally applicable against code-injecting attacks in scripting and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modifying the Perl interpreter to permit randomized script execution. The performance penalty in this case is minimal. Where our proposed approach is feasible (i.e., in an emulated environment, in the presence of programmable or specialized hardware, or in interpreted languages), it can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Bochs Emulator Web Page. http://bochs.sourceforge.net/.
	2	The Perltidy Home Page. http://perltidy.sourceforge.net/.
	3	Trusted Computing Platform Alliance. http://www.trustedcomputing.org/.
	4	CERT Advisory CA-2001-19: 'Code Red' Worm Exploiting Buffer Overflow in IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, July 2001.
	5	CERT Advisory CA-2001-33: Multiple Vulnerabilities in WU-FTPD. http://www.cert.org/advisories/CA-2001-33.html, November 2001.
	6	CERT Advisory CA-2002-12: Format String Vulnerability in ISC DHCPD. http://www.cert.org/advisories/CA-2002-12.html, May 2002.
	7	CERT Vulnerability Note VU#282403. http://www.kb.cert.org/vuls/id/282403, September 2002.
	8	CERT Vulnerability Note VU#496064. http://www.kb.cert.org/vuls/id/496064, April 2002.
	9	Cert Advisory CA-2003-04: MS-SQL Server Worm. http://www.cert.org/advisories/CA-2003-04.html, January 2003.
	10	The Spread of the Sapphire/Slammer Worm. http://www.silicondefense.com/research/worms/slammer.php, February 2003.
	11	A. Acharya and M. Raje. Mapbox: Using parameterized behavior classes to confine applications. In Proceedings of the 9th USENIX Security Symposium, pages 1--17, August 2000.
	12	Aleph One. Smashing the stack for fun and profit. Phrack, 7(49), 1996.
	13	A. Alexandrov, P. Kmiec, and K. Schauser. Consh: A confined execution environment for internet computations, December 1998.
	14	V. Anupam and A. Mayer. Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies. In Proceedings of the 7th USENIX Security Symposium, pages 187--200, January 1998.
	15	R. Balzer and N. Goldman. Mediating connectors: A non-bypassable process wrapping technology. In Proceeding of the 19th IEEE International Conference on Distributed Computing Systems, June 1999.
	16	A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashing attacks. In Proceedings of the USENIX Annual Technical Conference, June 2000.
	17	A. Berman, V. Bourassa, and E. Selberg. TRON: Process-Specific File Protection for the UNIX Operating System. In Proceedings of the USENIX Technical Conference, January 1995.
	18	S. Bhatkar, D. C. DuVarney, and R. Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105--120, August 2003.
	19	Bulba and Kil3r. Bypassing StackGuard and StackShield. Phrack, 5(56), May 2000.
	20	Hao Chen , David Wagner, MOPS: an infrastructure for examining security properties of software, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586142]
	21	C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic Protection From printf Format String Vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, pages 191--199, August 2001.
	22	C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, pages 91--104, August 2003.
	23	Crispin Cowan , Steve Beattie , Greg Kroah-Hartman , Calton Pu , Perry Wagle , Virgil Gligor, SubDomain: Parsimonious Server Security, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
	24	C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, Jan. 1998.
	25	George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , Peter M. Chen, ReVirt: enabling intrusion analysis through virtual-machine logging and replay, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060309]
	26	J. Etoh. GCC extension for protecting applications from stack-smashing attacks. http://www.trl.ibm.com/projects/security/ssp/, June 2000.
	27	Jeffrey S. Foster , Manuel Fähndrich , Alexander Aiken, A theory of type qualifiers, Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation, p.192-203, May 01-04, 1999, Atlanta, Georgia, United States
	28	M. Frantzen and M. Shuey. StackGhost: Hardware facilitated stack protection. In Proceedings of the 10th USENIX Security Symposium, pages 55--66, August 2001.
	29	T. Fraser, L. Badger, and M. Feldman. Hardening COTS Software with Generic Software Wrappers. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.
	30	T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163--176, February 2003.
	31	T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 191--206, February 2003.
	32	D. P. Ghormley, D. Petrou, S. H. Rodrigues, and T. E. Anderson. SLIC: An Extensibility System for Commodity Operating Systems. In Proceedings of the 1998 USENIX Annual Technical Conference, pages 39--52, June 1998.
	33	I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A Secure Environment for Untrusted Helper Applications. In Procedings of the 1996 USENIX Annual Technical Conference, 1996.
	34	Trevor Jim , J. Greg Morrisett , Dan Grossman , Michael W. Hicks , James Cheney , Yanling Wang, Cyclone: A Safe Dialect of C, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.275-288, June 10-15, 2002
	35	R. W. M. Jones and P. H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In 3rd International Workshop on Automated Debugging, 1997.
	36	A. D. Keromytis, J. L. Wright, and T. de~Raadt. The Design of the OpenBSD Cryptographic Framework. In Proceedings of the USENIX Annual Technical Conference, June 2003.
	37	Vladimir Kiriansky , Derek Bruening , Saman P. Amarasinghe, Secure Execution via Program Shepherding, Proceedings of the 11th USENIX Security Symposium, p.191-206, August 05-09, 2002
	38	D. Larochelle and D. Evans. Statically Detecting Likely Buffer Overflow Vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, pages 177--190, August 2001.
	39	E. Larson and T. Austin. High Coverage Detection of Input-Related Security Faults. In Proceedings of the 12th USENIX Security Symposium, pages 121--136, August 2003.
	40	Kyung-suk Lhee , Steve J. Chapin, Type-Assisted Dynamic Buffer Overflow Detection, Proceedings of the 11th USENIX Security Symposium, p.81-88, August 05-09, 2002
	41	Peter Loscocco , Stephen Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.29-42, June 25-30, 2001
	42	M. Conover and w00w00 Security Team. w00w00 on heap overflows. http://www.w00w00.org/files/articles/heaptut.txt, January 1999.
	43	T. C. Miller and T. de~Raadt. strlcpy and strlcat: Consistent, Safe, String Copy and Concatentation. In Proceedings of the USENIX Technical Conference, Freenix Track, June 1999.
	44	T. Mitchem , R. Lu , R. O'Brien, Using kernel hypervisors to secure applications, Proceedings of the 13th Annual Computer Security Applications Conference, p.175, December 08-12, 1997
	45	David Moore , Colleen Shannon , k claffy, Code-Red: a case study on the spread and victims of an internet worm, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France [doi>10.1145/637201.637244]
	46	National Bureau~of Standards. Data Encryption Standard, January 1977. FIPS-46.
	47	George C. Necula , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy code, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.128-139, January 16-18, 2002, Portland, Oregon
	48	David S. Peterson , Matt Bishop , Raju Pandey, A Flexible Containment Mechanism for Executing Untrusted Code, Proceedings of the 11th USENIX Security Symposium, p.207-225, August 05-09, 2002
	49	M. Prasad and T. Chiueh. A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks. In Proceedings of the USENIX Annual Technical Conference, pages 211--224, June 2003.
	50	V. Prevelakis and A. D. Keromytis. Drop-in Security for Distributed and Portable Computing Elements. Internet Research: Electronic Networking, Applications and Policy, 13(2), 2003.
	51	Vassilis Prevelakis , Diomidis Spinellis, Sandboxing Applications, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.119-126, June 25-30, 2001
	52	N. Provos. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium, pages 257--272, August 2003.
	53	U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In Proceedings of the 10th USENIX Security Symposium, pages 201--216, August 2001.
	54	E. H. Spafford. The Internet Worm Program: An Analysis. Technical Report Technical Report CSD-TR-823, Purdue University, West Lafayette, IN 47907-2004, 1988.
	55	Technology Quarterly. Bespoke chips for the common man. The Economist, pages 29--30, 14-20 December 2002.
	56	Tool Interface~Standards Committee. Executable and Linking Format (ELF) specification, May 1995.
	57	Vendicator. Stack shield. http://www.angelfire.com/sk/stackshield/.
	58	D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. In Proceedings of the ISOC Symposium on Network and Distributed System Security (SNDSS), pages 3--17, February 2000.
	59	K. M. Walker, D. F. Stern, L. Badger, K. A. Oosendorp, M. J. Petkac, and D. L. Sherman. Confining root programs with domain and type enforcement. In Proceedings of the USENIX Security Symposium, pages 21--36, July 1996.
	60	Robert N. M. Watson, TrustedBSD: Adding Trusted Operating System Features to FreeBSD, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.15-28, June 25-30, 2001
	61	Andrew Whitaker , Marianne Shaw , Steven D. Gribble, Scale and performance in the Denali isolation kernel, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060308]
	62	J. Wilander and M. Kamkar. A Comparison of Publicly Available Tools for Dynamic Intrusion Prevention. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 123--130, February 2003.
	63	Cliff Changchun Zou , Weibo Gong , Don Towsley, Code red worm propagation modeling and analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586130]

CITED BY 40

	Lynette Qu Nguyen , Tufan Demir , Jeff Rowe , Francis Hsu , Karl Levitt, A framework for diversifying windows native APIs to tolerate code injection attacks, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Debin Gao , Michael K. Reiter , Dawn Song, On gray-box program tracking for anomaly detection, Proceedings of the 13th conference on USENIX Security Symposium, p.8-8, August 09-13, 2004, San Diego, CA
	Carol Taylor , Jim Alves-Foss, Diversity as a computer defense mechanism, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	L. Li , P. Liu , Y. C. Jhi , G. Kesidis, Evaluation of collaborative worm containment on the DETER testbed, Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007, p.5-5, August 06-07, 2007, Boston, MA
	David A. Holland , Ada T. Lim , Margo I. Seltzer, An architecture a day keeps the hacker away, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005
	Akito Monden , Antoine Monsifrot , Clark Thomborson, A framework for obfuscated interpretation, Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation, p.7-16, January 01, 2004, Dunedin, New Zealand
	Costin Raiciu , Mark Handley , David S. Rosenblum, Exploit hijacking: side effects of smart defenses, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.123-130, September 11-15, 2006, Pisa, Italy
	Susanta Nanda , Wei Li , Lap-Chung Lam , Tzi-cker Chiueh, BIRD: Binary Interpretation using Runtime Disassembly, Proceedings of the International Symposium on Code Generation and Optimization, p.358-370, March 26-29, 2006
	Haizhi Xu , Steve J. Chapin, Improving address space randomization with a dynamic offset randomization technique, Proceedings of the 2006 ACM symposium on Applied computing, April 23-27, 2006, Dijon, France
	David Brumley , Li-Hao Liu , Pongsin Poosankam , Dawn Song, Design space and analysis of worm defense strategies, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Ana Nora Sovarel , David Evans , Nathanael Paul, Where's the FEEB? the effectiveness of instruction set randomization, Proceedings of the 14th conference on USENIX Security Symposium, p.10-10, July 31-August 05, 2005, Baltimore, MD
	Gregory T. Buehrer , Bruce W. Weide , Paolo A. G. Sivilotti, Using parse tree validation to prevent SQL injection attacks, Proceedings of the 5th international workshop on Software engineering and middleware, September 05-06, 2005, Lisbon, Portugal
	Anil Somayaji, Immunology, diversity, and homeostasis: The past and future of biologically inspired computer defenses, Information Security Tech. Report, v.12 n.4, p.228-234, January, 2007
	Michael E. Locasto , Stelios Sidiroglou , Angelos D. Keromytis, Speculative virtual verification: policy-constrained speculative execution, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	William G. J. Halfond , Alessandro Orso, Combining static analysis and runtime monitoring to counter SQL-injection attacks, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
	William G. J. Halfond , Alessandro Orso, AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks, Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering, November 07-11, 2005, Long Beach, CA, USA
	Gary Wassermann , Zhendong Su, Sound and precise analysis of web applications for injection vulnerabilities, ACM SIGPLAN Notices, v.42 n.6, June 2007
	Zhenkai Liang , R. Sekar, Fast and automated generation of attack signatures: a basis for building self-protecting servers, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Stelios Sidiroglou , Michael E. Locasto , Stephen W. Boyd , Angelos D. Keromytis, Building a reactive immune system for software services, Proceedings of the USENIX Annual Technical Conference 2005 on USENIX Annual Technical Conference, p.11-11, April 10-15, 2005, Anaheim, CA
	Krutartha Patel , Sridevan Parameswaran , Seng Lin Shee, Ensuring secure program execution in multiprocessor embedded systems: a case study, Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis, September 30-October 03, 2007, Salzburg, Austria
	Milena Milenković , Aleksandar Milenković , Emil Jovanov, Hardware support for code integrity in embedded processors, Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems, September 24-27, 2005, San Francisco, California, USA
	Georgios Portokalidis , Herbert Bos, Eudaemon: involuntary and on-demand emulation against zero-day exploits, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
	Abdulrahman Alarifi , Wenliang Du, Diversify sensor nodes to improve resilience against node compromise, Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, October 30-30, 2006, Alexandria, Virginia, USA
	C. M. Linn , M. Rajagopalan , S. Baker , C. Collberg , S. K. Debray , J. H. Hartman, Protecting against unexpected system calls, Proceedings of the 14th conference on USENIX Security Symposium, p.16-16, July 31-August 05, 2005, Baltimore, MD
	Georgios Portokalidis , Asia Slowinska , Herbert Bos, Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation, ACM SIGOPS Operating Systems Review, v.40 n.4, October 2006
	Sandeep Bhatkar , R. Sekar , Daniel C. DuVarney, Efficient techniques for comprehensive protection from memory error exploits, Proceedings of the 14th conference on USENIX Security Symposium, p.17-17, July 31-August 05, 2005, Baltimore, MD
	Zhiqiang Lin , Xuxian Jiang , Dongyan Xu , Bing Mao , Li Xie, AutoPaG: towards automated software patch generation with source code root cause identification and repair, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Yingbo Song , Michael E. Locasto , Angelos Stavrou , Angelos D. Keromytis , Salvatore J. Stolfo, On the infeasibility of modeling polymorphic shellcode, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Adam J. O'Donnell , Harish Sethu, On achieving software diversity for improved network security using distributed coloring algorithms, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Hovav Shacham , Matthew Page , Ben Pfaff , Eu-Jin Goh , Nagendra Modadugu , Dan Boneh, On the effectiveness of address-space randomization, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: end-to-end containment of internet worms, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
	S. Antonatos , P. Akritidis , E. P. Markatos , K. G. Anagnostakis, Defending against hitlist worms using network address space randomization, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.12, p.3471-3490, August, 2007
	James E. Just , Mark Cornwell, Review and analysis of synthetic diversity for breaking monocultures, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
	Byung-Gon Chun , Petros Maniatis , Scott Shenker, Diverse replication for single-machine Byzantine-fault tolerance, USENIX 2008 Annual Technical Conference on Annual Technical Conference, p.287-292, June 22-27, 2008, Boston, Massachusetts
	S. Antonatos , P. Akritidis , E. P. Markatos , K. G. Anagnostakis, Defending against hitlist worms using network address space randomization, Proceedings of the 2005 ACM workshop on Rapid malcode, November 11-11, 2005, Fairfax, VA, USA
	Bertrand Anckaert , Mariusz Jakubowski , Ramarathnam Venkatesan, Proteus: virtualization for diversified tamper-resistance, Proceedings of the ACM workshop on Digital rights management, October 30-30, 2006, Alexandria, Virginia, USA
	Milena Milenković , Aleksandar Milenković , Emil Jovanov, Using instruction block signatures to counter code injection attacks, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005
	Jedidiah R. Crandall , S. Felix Wu , Frederic T. Chong, Minos: Architectural support for protecting control data, ACM Transactions on Architecture and Code Optimization (TACO), v.3 n.4, p.359-389, December 2006
	Elena Gabriela Barrantes , David H. Ackley , Stephanie Forrest , Darko Stefanović, Randomized instruction set emulation, ACM Transactions on Information and System Security (TISSEC), v.8 n.1, p.3-40, February 2005
	Aleksandar Milenkovic , Milena Milenkovic , Emil Jovanov, An efficient runtime instruction block verification for secure embedded systems, Journal of Embedded Computing, v.2 n.1, p.57-76, January 2006