Countering code-injection attacks with instruction-set randomization

Kc, Gaurav S.; Keromytis, Angelos D.; Prevelakis, Vassilis

doi:10.1145/948109.948146

Cited by 432 publications

(107 citation statements)

References 17 publications

Supporting

Mentioning

101

Contrasting

Unclassified

Order By: Relevance

“…Compared to robust but costly modern ciphers, most of them are based on simple substitution ciphers for lower overhead. Both hardware [5,7,8] and software [3,4,6] implementations have been studied. Some methods utilize the characteristics of the target instruction set [5] .…”

Section: Protection Against Reverse Engineering and Instruction Set Rmentioning

confidence: 99%

“…• encryption of the machine codes to make them meaningless without a hidden key [1,2] , • obstruction of disassembly by confusing disassemblers or preventing them from accessing necessary information about the instructions [3][4][5][6][7][8][9][10] , and Instruction set randomization (ISR) [3][4][5][6][7][8] is an approach to protect software by obstructing disassembly, where each processor (or group of processors) has a different instruction set. Software is protected from analysis or plagiarism by different or additional instruction coding system that is hidden from attackers.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Design and implementation of instruction indirection for embedded software obfuscation

Fujieda

Tanaka

Ichikawa

2016

Microprocessors and Microsystems

View full text Add to dashboard Cite

Section: Protection Against Reverse Engineering and Instruction Set Rmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Design and implementation of instruction indirection for embedded software obfuscation

Fujieda

Tanaka

Ichikawa

2016

Microprocessors and Microsystems

View full text Add to dashboard Cite

“…Randomization was introduced in works [41,42] for defending against zero-day attacks. A similar approach can be followed for data anonymization.…”

Section: Anonymization Of Log Filesmentioning

confidence: 99%

An efficient and easily deployable method for dealing with DoS in SIP services

Tsiatsikas

Geneiatakis

Kambourakis

et al. 2015

Computer Communications

Self Cite

View full text Add to dashboard Cite

“…Some aim to prevent the vulnerability from becoming exploitable by verifying that an exploitation attempt has occurred: via bounds checking [21,34,48]; by inserting secret cookies, which must remain unmodified, before important memory locations [14,18]. Others will make it harder for an attacker to execute injected code by randomizing the base address of memory regions [7,9], encrypting pointers [13], code [5,22] or even all objects [8] while in memory and decrypting them before use. While yet other types of countermeasures will try and ensure that the program adheres to some predetermined policy [1,23,30].…”

Section: Code Injection Attacksmentioning

confidence: 99%

Filter-resistant code injection on ARM

et al. 2010

View full text Add to dashboard Cite

Code injection attacks are one of the most powerful and important classes of attacks on software. In these attacks, the attacker sends malicious input to a software application, where it is stored in memory. The malicious input is chosen in such a way that its representation in memory is also a valid representation of a machine code program that performs actions chosen by the attacker. The attacker then triggers a bug in the application to divert the control flow to this injected machine code. A typical action of the injected code is to launch a command interpreter shell, and hence the malicious input is often called shellcode. Attacks are usually performed against network facing applications, and such applications often perform validations or encodings on input. Hence, a typical hurdle for attackers, is that the shellcode has to pass one or more filtering methods before it is stored in the vulnerable application's memory space. Clearly, for a code injection attack to succeed, the malicious input must survive such validations and transformations. Alphanumeric input (consisting only of letters and digits) is typically very robust for this purpose: it passes most filters and is untouched by most transformations. This paper studies the power of alphanumeric shellcode on the ARM architecture. It shows that the subset of ARM machine code programs that (when interpreted as data) consist only of alphanumerical characters is a Turing complete subset. This is a non-trivial result, as the number of instructions that consist only of alphanumeric characters is very limited. To craft useful exploit code (and to achieve Turing completeness), several tricks are needed, including the use of self-modifying code.

show abstract

Countering code-injection attacks with instruction-set randomization

Cited by 432 publications

References 17 publications

Design and implementation of instruction indirection for embedded software obfuscation

Design and implementation of instruction indirection for embedded software obfuscation

An efficient and easily deployable method for dealing with DoS in SIP services

Filter-resistant code injection on ARM

Contact Info

Product

Resources

About