An Architectural Approach to Preventing Code Injection Attacks

Code injection attacks, despite being well researched, continue to be a problem today. Modern architectural solutions such as the execute-disable bit and PaX have been useful in limiting the attacks; however, they enforce program layout restrictions and can oftentimes still be circumvented by a determined attacker. We propose a change to the memory architecture of modern processors that addresses the code injection problem at its very root by virtually splitting memory into code memory and data memory such that a processor will never be able to fetch injected code for execution. This virtual split memory system can be implemented as a software-only patch to an operating system and can be used to supplement existing schemes for improved protection. Furthermore, our system is able to accommodate a number of response modes when a code injection attack occurs. Our experiments with both benchmarks and real-world attacks show the system is effective in preventing a wide range of code injection attacks while incurring reasonable overhead.
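The mechanism the abstract describes, as an added illustration that is not the paper's code: a toy machine in C whose only configurable point is the instruction fetch. In unified mode the fetch reads the same memory that loads and stores use; in split mode it reads a separate code memory that only the loader ever writes. The four-opcode instruction set, the memory layout (a 16-byte input buffer at address 32 with a control word right after it), and the "terminate on fault" response mode are all constructed assumptions for this example; the copy with no bounds check models the vulnerability that lets over-long input overwrite the control word.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64
#define BUF_ADDR 32                    /* fixed-size input buffer in data memory */
#define BUF_LEN  16
#define RET_SLOT (BUF_ADDR + BUF_LEN)  /* control word stored right after the buffer */

/* Toy opcodes, constructed for this example */
enum { OP_HALT = 0, OP_COPY = 1, OP_RET = 2, OP_MARK = 3 };

typedef struct {
    uint8_t code[MEM_SIZE]; /* instruction fetches read here in split mode */
    uint8_t data[MEM_SIZE]; /* loads/stores go here; unified mode also fetches from here */
    int code_len;           /* bytes of legitimate program the loader placed in code memory */
    int split;              /* 1 = virtual split memory, 0 = conventional unified memory */
    int pc;
    int marker_hit;         /* OP_MARK executed; only the injected bytes contain it */
    int faulted;            /* a fetch targeted code memory that was never loaded */
} machine_t;

/* The legitimate program: copy the input, "return" through RET_SLOT, halt. */
static const uint8_t program[] = { OP_COPY, OP_RET, OP_HALT };

static void load(machine_t *m, int split) {
    memset(m, 0, sizeof *m);
    m->split = split;
    m->code_len = (int)sizeof program;
    memcpy(m->code, program, sizeof program);
    if (!split) memcpy(m->data, program, sizeof program); /* one memory holds both */
    m->data[RET_SLOT] = 2;                                /* legitimate target: the OP_HALT */
}

/* Instruction fetch is the only operation the split changes: in split mode the
   processor can only see what the loader placed in code memory. */
static int fetch(machine_t *m, uint8_t *op) {
    if (!m->split) { *op = m->data[m->pc]; return 1; }
    if (m->pc < 0 || m->pc >= m->code_len) {
        m->faulted = 1; /* response mode modelled here: terminate the program */
        return 0;
    }
    *op = m->code[m->pc];
    return 1;
}

static void run(machine_t *m, const uint8_t *input, int input_len) {
    if (input_len > MEM_SIZE - BUF_ADDR)
        input_len = MEM_SIZE - BUF_ADDR; /* physical memory bound, not a fix for the bug below */
    for (int steps = 0; steps < 100; steps++) {
        uint8_t op;
        if (!fetch(m, &op)) return;
        switch (op) {
        case OP_COPY:
            /* The bug: input_len is never checked against BUF_LEN, so a long input
               runs past the buffer and overwrites RET_SLOT. */
            memcpy(m->data + BUF_ADDR, input, (size_t)input_len);
            m->pc++;
            break;
        case OP_RET:
            m->pc = m->data[RET_SLOT]; /* control transfer through attacker-writable data */
            break;
        case OP_MARK:
            m->marker_hit = 1;
            m->pc++;
            break;
        default: /* OP_HALT */
            return;
        }
    }
}

/* Over-long constructed input: a marker byte standing in for injected code, padding,
   and a final byte that overwrites RET_SLOT with the buffer's own address. */
static void run_with_overflow(machine_t *m, int split) {
    uint8_t payload[BUF_LEN + 1];
    memset(payload, OP_HALT, sizeof payload);
    payload[0] = OP_MARK;
    payload[BUF_LEN] = BUF_ADDR;
    load(m, split);
    run(m, payload, (int)sizeof payload);
}

int injected_code_ran(int split) { machine_t m; run_with_overflow(&m, split); return m.marker_hit; }
int fetch_faulted(int split)     { machine_t m; run_with_overflow(&m, split); return m.faulted; }

/* Well-formed input must still run to completion in split mode. */
int benign_input_completes(int split) {
    uint8_t in[4] = { 1, 2, 3, 4 };
    machine_t m;
    load(&m, split);
    run(&m, in, (int)sizeof in);
    return !m.faulted && !m.marker_hit;
}

int main(void) {
    printf("unified memory: injected bytes executed = %d\n", injected_code_ran(0));
    printf("split memory:   injected bytes executed = %d, fetch fault = %d\n",
           injected_code_ran(1), fetch_faulted(1));
    return 0;
}
```

The point to take from the two runs is that the overflow itself is identical in both modes: the control word is overwritten and the program counter lands on the attacker's buffer either way. What differs is the fetch. With one memory the processor reads the marker byte and executes it; with the split, the same address in code memory holds nothing the loader put there, so the fetch faults and the response mode runs instead of the injected bytes. This is also why the scheme does not defend against the non-control-data or code-reuse attacks the abstract leaves to its complementary schemes: nothing here stops control from reaching legitimate code.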
