Countering Code-Injection Attacks With Instruction-Set Randomization (2003)

by Gaurav S. Kc
Venue: In Proceedings of the ACM Computer and Communications Security (CCS) Conference
Citations: 234 - 26 self

BibTeX

@INPROCEEDINGS{Kc03counteringcode-injection,
    author = {Gaurav S. Kc},
    title = {Countering Code-Injection Attacks With Instruction-Set Randomization},
    booktitle = {In Proceedings of the ACM Computer and Communications Security (CCS) Conference},
    year = {2003},
    pages = {272--280},
    publisher = {ACM Press}
}

Abstract

We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoff’s principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that randomized processor, causing a runtime exception. To determine the difficulty of integrating support for the proposed mechanism in the operating system, we modified the Linux kernel, the GNU binutils tools, and the bochs-x86 emulator. Although the performance penalty is significant, our prototype demonstrates the feasibility of the approach, and should be directly usable on a suitable-modified processor (e.g., the Transmeta Crusoe). Our approach is equally applicable against code-injecting attacks in scripting and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modifying the Perl interpreter to permit randomized script execution. The performance penalty in this case is minimal. Where our proposed approach is feasible (i.e., in an emulated environment, in the presence of programmable or specialized hardware, or in interpreted languages), it can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.

Keyphrases

code-injection attack; instruction-set randomization; interpreted language; performance penalty; web-based sql injection; process-specific randomized instruction set; code-injecting attack; specialized hardware; randomization algorithm; transmeta crusoe; linux kernel; emulated environment; suitable-modified processor; gnu binutils tool; machine instruction; runtime exception; general approach; kerckhoff principle; bochs-x86 emulator; vulnerable software; operating system; perl interpreter; randomized script execution; low-overhead protection mechanism
