Foreign Code Detection on the Windows/X86 Platform

Authors: Susanta Nanda, Wei Li, Lap-chung Lam, Tzi-cker Chiueh

DOI: 10.1109/ACSAC.2006.29

Keywords: Work in process, Buffer overflow, Code (cryptography), Record locking, Formal verification, Computer science, Computer security, x86, Overhead (computing), Indirect branch, Operating system

Abstract: As new attacks against Windows-based machines emerge almost on a daily basis, there is an increasing need to "lock down" individual users' desktops in corporate computing environments. One particular way to lock down a user computer is to guarantee that only authorized binary programs are allowed to run on that computer. A major advantage of this approach is that binaries downloaded without the user's knowledge, such as spyware, ad-ware, or code entering through buffer overflow attacks, can never run on computers locked down this way. This paper presents the design, implementation and evaluation of FOOD, a foreign code detection system built specifically for the Windows/X86 platform, where foreign code is defined as any code that does not go through the standard installation procedure. FOOD verifies the legitimacy of the binary images involved in process creation and library loading to ensure that only authorized binaries are used in these operations. In addition, it checks the target address of every indirect branch instruction on Windows to prevent illegitimate control transfers, either to dynamically injected mobile code or to pre-existing functions that are potentially damaging. Combined together, these techniques strictly limit the execution of foreign code. Experiments with a fully working prototype show that it indeed stops all the spyware we tested, and that its worst-case run-time performance overhead is less than 35%.
