论文信息 - Against Code Injection with System Call Randomization

Against Code Injection with System Call Randomization

The existing code injection attack defense methods have some deficiencies on performance overhead and effectiveness. In order to ensure the system performance, we propose a method that uses system call randomization to counter code injection attacks based on instruction set randomization idea. An injected code would perform its actions with system calls. System call randomization on operating system level will prevent the injected code from executing correctly. Moreover, with an extended compiler, our method can perform source code randomization during compiling and implement binary executable files randomization by feature matching. The experiments show that our method can effectively counter variety code injection attacks with low overhead.

[1] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[2] Akinori Yonezawa,et al. Prevention of Code-Injection Attacks by Encrypting System Call Arguments , 2006 .

[3] Crispin Cowan,et al. StackGuard: Simple Stack Smash Protection for GCC , 2004 .

[4] Dawn Song,et al. Mitigating buffer overflows by operating system randomization , 2002 .

[5] Angelos D. Keromytis,et al. Building a Reactive Immune System for Software Services , 2005, USENIX Annual Technical Conference, General Track.

[6] David H. Ackley,et al. Randomized instruction set emulation to disrupt binary code injection attacks , 2003, CCS '03.

[7] Helen J. Wang,et al. RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization , 2007, 2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007).