A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification

  • Conference paper

Secure IT Systems (NordSec 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10014)

Abstract

The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On the one hand, the trusted programs in the system are modified accordingly so that they can use the diversified interfaces. On the other hand, malicious code injected into the system does not know the diversification secret, that is, the language of the diversified system, and is thus rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most of the interfaces we found have already been diversified in proof-of-concept implementations, but diversification is not widely used in practical systems.
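The mechanism the abstract describes can be shown on one concrete interface. The following is an added example, not code from the paper or its authors: it assumes SQL keywords as the diversified interface, and the names `tag`, `diversify`, `gateway` and `run`, the keyword set and the query templates are all hypothetical.

```python
import hashlib
import hmac
import re

# Assumed subset of the interface language; a real deployment would cover the full grammar.
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT", "UPDATE", "DELETE", "DROP"}
# A quoted string literal, or an identifier/keyword token.
TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_][A-Za-z0-9_]*")

def tag(secret: bytes, keyword: str) -> str:
    """Secret-dependent suffix that turns a keyword into its diversified form."""
    return hmac.new(secret, keyword.encode(), hashlib.sha256).hexdigest()[:8]

def diversify(secret: bytes, template: str) -> str:
    """Trusted side: rewrite the keywords of the application's own query template."""
    def rewrite(m):
        tok = m.group(0)
        return f"{tok}_{tag(secret, tok.upper())}" if tok.upper() in KEYWORDS else tok
    return TOKEN.sub(rewrite, template)

def gateway(secret: bytes, query: str) -> str:
    """Interface side: accept only diversified keywords, then restore standard SQL."""
    def restore(m):
        tok = m.group(0)
        if tok.startswith("'"):
            return tok  # data inside a string literal is not interface language
        if tok.upper() in KEYWORDS:
            raise ValueError(f"undiversified keyword: {tok}")
        word, _, suffix = tok.rpartition("_")
        if word.upper() in KEYWORDS and len(suffix) == 8:
            if not hmac.compare_digest(suffix, tag(secret, word.upper())):
                raise ValueError(f"wrong diversification tag: {tok}")
            return word
        return tok  # ordinary identifier such as a table or column name
    return TOKEN.sub(restore, query)

def run(secret: bytes, template: str, **user_input) -> str:
    """Constructed flow: untrusted input is spliced into the diversified template."""
    return gateway(secret, diversify(secret, template).format(**user_input))
```

Input that carries its own keywords reaches the gateway in the undiversified language and is rejected, while keywords that appear only as data inside a string literal pass through untouched.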

The authors gratefully acknowledge Tekes – the Finnish Funding Agency for Innovation, DIMECC Oy and Cyber Trust research program for their support.

Notes

  1. www.exploit-db.com.

Author information

Correspondence to Sampsa Rauti.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Rauti, S. et al. (2016). A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science, vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_10

  • DOI: https://doi.org/10.1007/978-3-319-47560-8_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47559-2

  • Online ISBN: 978-3-319-47560-8

  • eBook Packages: Computer Science, Computer Science (R0)