Towards a diversification framework for operating system protection

To use the resources of a computer, malware has to know the interfaces the operating system provides. If these critical interfaces are made unique on each machine, by diversifying the operating system and the user applications built against it, malware written for the standard interface can no longer interact successfully with its environment. The diversification can be regarded as a computer-specific secret. This paper discusses how such API diversification could be performed. We also study how much work would be needed to diversify the Linux kernel in order to hide the system call interface from malware.
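The following toy model illustrates the mechanism the abstract describes: a per-machine secret permutation of system call numbers, a kernel dispatch table laid out by that secret, a "relinking" step for legitimate applications, and a stock binary that still carries the public numbers. It is an added example, not code from the paper and not Linux kernel code; the names (div_kernel, relink, the eight toy handlers), the 64-slot table and the xorshift seed are assumptions made for the illustration. It also adds two practitioner details the abstract only implies: a draw in which some syscall keeps its public number is rejected, and a call landing on an unused slot is counted, because only code built against the public ABI produces one.

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>
#include <stdio.h>

/* Public (stock) syscall numbers: the ABI a stock binary or malware is built against. */
enum { SYS_READ, SYS_WRITE, SYS_OPEN, SYS_CLOSE, SYS_MMAP, SYS_EXECVE, SYS_SOCKET, SYS_EXIT, NSYS };
#define NSLOTS 64   /* secret numbers live in a larger space; most slots stay unused */

typedef long (*handler_t)(long, long);

/* Toy handlers (assumed for the example) returning distinguishable values. */
static long sys_read(long a, long b)   { (void)b; return 1000 + a; }
static long sys_write(long a, long b)  { (void)a; return 2000 + b; }
static long sys_open(long a, long b)   { (void)a; (void)b; return 3000; }
static long sys_close(long a, long b)  { (void)a; (void)b; return 4000; }
static long sys_mmap(long a, long b)   { return 5000 + a + b; }
static long sys_execve(long a, long b) { (void)a; (void)b; return 6000; }
static long sys_socket(long a, long b) { (void)a; (void)b; return 7000; }
static long sys_exit(long a, long b)   { (void)a; (void)b; return 8000; }

static const handler_t stock_table[NSYS] = {
    sys_read, sys_write, sys_open, sys_close, sys_mmap, sys_execve, sys_socket, sys_exit };

struct div_kernel {
    handler_t table[NSLOTS];   /* indexed by secret number; NULL = unused slot */
    int secret[NSYS];          /* secret[public] = secret number: the per-machine secret */
    unsigned long hole_hits;   /* calls that landed on an unused slot */
};

/* xorshift64: deterministic stand-in for the CSPRNG a real build would use. */
static uint64_t next_rand(uint64_t *s) {
    uint64_t x = *s ? *s : 0x9E3779B97F4A7C15ULL;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *s = x;
}

/* Draw NSYS distinct slots out of NSLOTS (partial Fisher-Yates). A draw in which
   a syscall keeps its public number is rejected: it would give malware a free call. */
static void make_secret(int secret[NSYS], uint64_t seed) {
    int slots[NSLOTS];
    int again;
    do {
        for (int i = 0; i < NSLOTS; i++) slots[i] = i;
        for (int i = 0; i < NSYS; i++) {
            int j = i + (int)(next_rand(&seed) % (uint64_t)(NSLOTS - i));
            int t = slots[i]; slots[i] = slots[j]; slots[j] = t;
            secret[i] = slots[i];
        }
        again = 0;
        for (int i = 0; i < NSYS; i++) if (secret[i] == i) again = 1;
    } while (again);
}

/* Lay the dispatch table out by the secret: table[secret[pub]] = handler of pub. */
static void build_kernel(struct div_kernel *k, uint64_t seed) {
    for (int s = 0; s < NSLOTS; s++) k->table[s] = NULL;
    k->hole_hits = 0;
    make_secret(k->secret, seed);
    for (int pub = 0; pub < NSYS; pub++) k->table[k->secret[pub]] = stock_table[pub];
}

/* Kernel entry: dispatch on the secret number. A hit on an unused slot is refused
   and counted, since only code built against the public ABI produces one. */
static long div_syscall(struct div_kernel *k, long nr, long a, long b) {
    if (nr < 0 || nr >= NSLOTS || k->table[nr] == NULL) { k->hole_hits++; return -ENOSYS; }
    return k->table[nr](a, b);
}

/* Relinking a user application: rewrite its public numbers to this machine's secret
   ones, the step a diversifying toolchain would perform at build time. */
static void relink(const struct div_kernel *k, long *nrs, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (nrs[i] >= 0 && nrs[i] < NSYS) nrs[i] = k->secret[nrs[i]];
}

/* A legitimate application whose call sites were relinked: works on this machine. */
static long diversified_app(struct div_kernel *k) {
    long nrs[2] = { SYS_OPEN, SYS_WRITE };
    relink(k, nrs, 2);
    long fd = div_syscall(k, nrs[0], 0, 0);   /* reaches sys_open  -> 3000 */
    return div_syscall(k, nrs[1], fd, 5);     /* reaches sys_write -> 2005 */
}

/* Unmodified malware: uses the public execve number and never reaches sys_execve. */
static long stock_malware(struct div_kernel *k) {
    return div_syscall(k, SYS_EXECVE, 0, 0);
}

/* Can execve be reached through its public number on this machine? */
static int execve_reachable_publicly(const struct div_kernel *k) {
    return k->table[SYS_EXECVE] == sys_execve;
}

int main(void) {
    struct div_kernel k;
    build_kernel(&k, 0x1234ULL);
    printf("relinked app result:        %ld\n", diversified_app(&k));
    printf("stock malware execve result: %ld (hole hits: %lu)\n", stock_malware(&k), k.hole_hits);
    printf("execve reachable publicly:   %d\n", execve_reachable_publicly(&k));
    return 0;
}
```

The invariants hold for any seed: the relinked application always reaches the intended handlers, the stock binary either lands on an unused slot (ENOSYS, and a counted event worth alerting on) or on the wrong handler, and no syscall keeps its public number. The same seed reproduces the same table, which is what allows a toolchain to relink applications for a given machine; protecting that seed is what makes the diversification a secret.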
