Programmable decoder and shadow threads: tolerate remote code injection exploits with diversified redundancy

Authors: Zhiqiang Lin, Ziyi Liu, Shouhuai Xu, Weidong Shi

DOI: 10.5555/2616606.2616669

Abstract: We present a lightweight hardware framework for providing high assurance detection and prevention of code injection attacks using lockstep diversified shadow execution. Recent studies show that diversification can detect software by checking the consistency of their behavior simultaneously. Unfortunately, the severe performance degradation and extra system costs caused by these methods are unacceptable in many applications. This paper presents hardware-level, thread to enrich diversity of execution, with facilitation from a programmable decoder and novel CPU support tightly coupled technique. Specifically, given a piece of (legacy) binary code, we first generate versions an offline rewriter translator at runtime. Two images are launched as dual simultaneous threads layer one primary other thread. Instructions not executed but just compared, thus incur no OS side-effects. The extended is able to decode instructions of both threads and dispatch them to the next stage of the pipeline for comparison. Any mismatch decoded two remotely injected will be detected. Our design provides instruction set randomization (ISR) minimal cost performance, when compared with a straight-forward ISR implementation. Simulation results indicate our incurs very small overheads protection against attacks.
