Abstract
The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On one hand, the trusted programs in the system are accordingly modified so that they can use the diversified interfaces. On the other hand, the malicious code injected into a system does not know the diversification secret, that is the language of the diversified system, and thus it is rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most interfaces we found have already been diversified as proof-of-concept implementations but diversification is not widely used in practical systems.
The authors gratefully acknowledge Tekes – the Finnish Funding Agency for Innovation, DIMECC Oy and Cyber Trust research program for their support.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Abadi, M., Plotkin, G.D.: On protection by layout randomization. ACM Trans. Inf. Syst. Secur. 15(2), 8:1–8:29 (2012)
Athanasopoulos, E., Krithinakis, A., Markatos, E.P.: An architecture for enforcing JavaScript randomization in Web2.0 applications. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 203–209. Springer, Heidelberg (2011). doi:10.1007/978-3-642-18178-8_18
Athanasopoulos, E., Pappas, V., Krithinakis, A., Ligouras, S., Markatos, E.P., Karagiannis, T.: xJS: practical XSS prevention for web application development. In: Proceedings of the 2010 USENIX conference on Web application development, WebApps 2010, pp. 1–12. USENIX Association (2010)
Barrantes, E.G., Ackley, D.H., Forrest, S., Stefanović, D.: Randomized instruction set emulation. ACM Trans. Inf. Syst. Secur. 8(1), 3–40 (2005)
Boyd, S.W., Kc, G.S., Locasto, M.E., Prevelakis, V., Keromytis, A.D.: On the general applicability of instruction-set randomization. IEEE Trans. Dependable Secure Comput. 7(3), 255–270 (2010)
Boyd, S.W., Keromytis, A.D.: SQLrand: preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 292–302. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24852-1_21
Chew, M., Song, D.: Mitigating buffer overflows by operating system randomization. Technical report, CMU (2002)
Chongkyung, K., Jinsuk, J., Bookholt, C., Xu, J., Peng, N.: Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In: 2006 Computer Security Applications Conference, ACSAC 2006, pp. 339–348, December 2006
Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993)
Coppens, B., De Sutter, B., De Bosschere, K.: Protecting your software updates. IEEE Secur. Priv. 11(2), 47–54 (2013)
Forrest, S., Somayaji, A., Ackley, D.: Building diverse computer systems. In: Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), HOTOS 1997 (1997)
Franz, M.: E unibus pluram: massive-scale software diversity as a defense mechanism. In Proceedings of the 2010 Workshop on New Security Paradigms, NSPW 2010, pp. 7–16. ACM (2010)
Gupta, A., Kerr, S., Kirkpatrick, M.S., Bertino, E.: Marlin: a fine grained randomization approach to defend against ROP attacks. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 293–306. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38631-2_22
Gupta, A., Kirkpatrick, M.S., Bertino, E.: A secure architecture design based on application isolation, code minimization and randomization. In: 2013 IEEE Conference on Communications and Network Security (CNS), pp. 423–429, October 2013
Hosseinzadeh, S., Rauti, S., Laurén, S., Mäkelä, J.-M., Holvitie, J., Hyrynsalmi, S., Leppänen, V.: Using diversification and obfuscation techniques for software security: a systematic literature review (2016)
Hovav, S., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, F.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 298–307. ACM, New York (2004)
Jackson, T., Salamat, B., Homescu, A., Manivannan, K., Wagner, G., Gal, A., Brunthaler, S., Wimmer, C., Franz, M.: Compiler-generated software diversity. In: Jajodia, S., et al. (eds.) Moving Target Defense. Advances in Information Security, vol. 54, pp. 77–98. Springer, New York (2011)
Jiang, X., Wang, H.J., Xu, D., Wang, Y.-M.: RandSys: Thwarting code injection attacks with system service interface randomization. In IEEE International Symposium on Reliable Distributed Systems, SRDS 2007, pp. 209–218 (2007)
Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, pp. 272–280. ACM, New York (2003)
Keromytis, A.D.: Randomized instruction sets and runtime environments past research and future directions. IEEE Secur. Priv. 7(1), 18–25 (2009)
Kitchenham, B.: Guidelines for performing systematic literature reviews in software engineering. Technical report EBSE-2007-01, Keele University, School of Computer Science and Mathematics (2007)
Larsen, P., Brunthaler, S., Franz, M.: Security through diversity: are we there yet? IEEE Secur. Priv. 12(2), 28–35 (2014)
Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 276–291, May 2014
Lauren, S., Mäki, P., Rauti, S., Hosseinzadeh, S., Hyrynsalmi, S., Leppänen, V.: Symbol diversification of Linux binaries. In: Proceedings of World Congress on Internet Security (WorldCIS-2014) (2014)
Liang, Z., Liang, B., Li, L.: A system call randomization based method for countering code injection attacks. In: International Conference on Networks Security, Wireless Communications and Trusted Computing, NSWCTC 2009, pp. 584–587 (2009)
Locasto, M.E., Keromytis, A.D.: PachyRand: SQL randomization for the PostgreSQL JDBC driver. Technical report CUCS-033-05, Columbia University, Computer Science (2005)
Portokalidis, G., Keromytis, A.D.: Global ISR: toward a comprehensive defense against unauthorized code execution. In: Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S. (eds.) Moving Target Defense, Creating Asymmetric Uncertainty for Cyber Threats. Advances in Information Security, vol. 54, pp. 49–76. Springer, New York (2011)
Rauti, S., Lauren, S., Hosseinzadeh, S., Mäkelä, J.-M., Hyrynsalmi, S., Leppänen, V.: Diversification of system calls in Linux binaries. In: Proceedings of the 6th International Conference on Trustworthy Systems (InTrust 2014) (2014)
Rauti, S., Teuhola, J., Leppänen, V.: Diversifying SQL to prevent injection attacks. In: Proceedings of Trustcom/BigDataSE/ISPA, pp. 344–351 (2015)
Rodes, B.: Stack layout transformation: towards diversity for securing binary programs. In: 2012 34th International Conference on Software Engineering (ICSE), pp. 1543–1546, June 2012
Uitto, J., Rauti, S., Mäkelä, J.-M., Leppänen, V.: Preventing malicious attacks by diversifying Linux shell commands. In: Proceedings of the 14th Symposium on Programming Languages and Software Tools (SPLST 2015), vol. 1525. CEUR Workshop Proceedings (2015)
Williams, D., Wei, H., Davidson, J.W., Hiser, J.D., Knight, J.C., Nguyen-Tuong, A.: Security through diversity: leveraging virtual machine technology. IEEE Secur. Priv. 7(1), 26–33 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Rauti, S. et al. (2016). A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science(), vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-47560-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47559-2
Online ISBN: 978-3-319-47560-8
eBook Packages: Computer ScienceComputer Science (R0)