DOI: 10.1145/3136825.3136900

Internal interface diversification with multiple fake interfaces

Published: 13 October 2017

Abstract

Malware uses knowledge of well-known interfaces to achieve its goals. However, if we uniquely diversify these interfaces in each system, the malware no longer knows the "language" of a specific system and it becomes much more difficult for malicious programs to operate. This paper extends the idea of interface diversification by presenting a scheme where a fake original interface and multiple other fake interfaces are provided along with the valid interface in order to log the suspicious activity in the system and possibly deceive malware by initiating fallacious interaction with it. We also present a proof-of-concept implementation of this scheme in a Linux environment and conduct experiments with it.


Cited By

  • (2024) ARAYÜZ ÇEŞİTLENDİRMESİNİN KÖTÜ AMAÇLI YAZILIMLARDA KULLANIM DURUMU. İstanbul Ticaret Üniversitesi Teknoloji ve Uygulamalı Bilimler Dergisi. DOI: 10.56809/icujtas.1410198. Online publication date: 9-May-2024
  • (2021) Interface Diversification as a Software Security Mechanism – Benefits and Challenges. Information Technology and Systems (479-488). DOI: 10.1007/978-3-030-68285-9_45. Online publication date: 31-Jan-2021


      Published In

      SIN '17: Proceedings of the 10th International Conference on Security of Information and Networks
      October 2017
      321 pages
      ISBN:9781450353038
      DOI:10.1145/3136825
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. deception
      2. diversification
      3. moving target defence

      Qualifiers

      • Short-paper

      Conference

      SIN '17
      SIN '17: Security of Information and Networks
      October 13 - 15, 2017
      Jaipur, India

      Acceptance Rates

      Overall Acceptance Rate 102 of 289 submissions, 35%


      • Downloads (Last 12 months)0
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 08 Mar 2025
