Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices

Authors: Matthias Neugschwandtner, Collin Mulliner, William Robertson, Engin Kirda

DOI: 10.1007/978-3-319-45572-3_4

Keywords: Code injection, Source code, Reduced instruction set computing, Code reuse, Exploit, System call, Computer science, Embedded system, Executable, Emulation

Abstract: Entering the age of the Internet of things, embedded devices are everywhere. They are built using common hardware such as RISC-based ARM and MIPS platforms, and lightweight open software components. Because of their limited resources, such systems often lack the protection mechanisms that have been introduced to the desktop and server world. In this paper, we present BINtegrity, a novel approach for exploit mitigation that is specifically tailored towards embedded systems that are based on the RISC architecture. BINtegrity leverages architectural features of RISC CPUs to extract a combination of static and dynamic properties relevant to OS service requests from executables, and enforces them during runtime. Our technique borrows ideas from several areas including system call monitoring, static analysis, and code emulation, and combines them in a low-overhead fashion directly in the operating system kernel. We implemented BINtegrity for the Linux operating system. BINtegrity is practical, and restricts the ability of attackers to exploit generic memory corruption vulnerabilities in COTS binaries. In contrast to other approaches, BINtegrity does not require access to source code, binary modification, or application specific configuration such as policies. Our evaluation demonstrates that BINtegrity incurs a very low overhead, only 2 % on whole system performance, and shows that our approach mitigates both code injection and code reuse attacks.
