2005
DOI: 10.1145/1053283.1053286

Randomized instruction set emulation

Abstract: Injecting binary code into a running program is a common form of attack. Most defenses employ a "guard the doors" approach, blocking known mechanisms of code injection. Randomized instruction set emulation (RISE) is a complementary method of defense, one that performs a hidden randomization of an application's machine code. If foreign binary code is injected into a program running under RISE, it will not be executable because it will not know the proper randomization. The paper describes and analyzes RISE, des…

citations
Cited by 118 publications
(100 citation statements)
references
References 13 publications
“…While this will be generally true, there are a few permutations of injected code that will result in working code that performs the attacker's task. We argue that this number will be statistically insignificant [19], and it is comparable with the probability of creating a valid buffer-overflow exploit using the output of a random number generator as code.…”
Section: Instruction-set Randomization | mentioning
confidence: 92%
“…Barrantes et al [19] performed a study on the faults exhibited by a compromised process running under ISR, and show that such a process executes 5 or less x86 instructions before causing a fatal exception. The instructions that get actually executed are essentially random bytes produced by the de-randomization of the attacker's injected code.…”
Section: Security Considerations | mentioning
confidence: 99%
“…The probability of this event is 1/256, which will require to repeat the attack about 256 times, well inside the acceptable range for bruteforcing without raising alarms in the target system. However, the overall probability of hitting a RET after some non-destructive instructions is even higher, as attested by the Markov-Chain analysis in [2]. After success, a new mask that is not covering real code is created, and the target process continues running, which allows the attacker to steal the mask for this (data) page using the techniques described in section 3.1.2 for tiled mode.…”
Section: Stealing the Key In Otp Mode | mentioning
confidence: 99%
“…Randomize the location of the key. This solution, mentioned in [2], in reality requires the randomization of the position of any component that could indirectly lead to the mask address. That includes the table that contains the pointers to the masks, and anything that points to it from stack or heap, so it requires full address space layout randomization (ASLR) rather than just randomizing the key location.…”
Section: Portability Of Key-stealing Attacks and Possible Solutions | mentioning
confidence: 99%