Home

On The General Applicability of Instruction-Set Randomization

Stephen W. Boyd; Gaurav S. Kc; Michael E. Locasto; Angelos D. Keromytis; Vassilis Prevelakis

Title:
On The General Applicability of Instruction-Set Randomization
Author(s):
Boyd, Stephen W.
Kc, Gaurav S.
Locasto, Michael E.
Keromytis, Angelos D.
Prevelakis, Vassilis
Date:
Type:
Articles
Department:
Computer Science
Volume:
7
Permanent URL:
Book/Journal Title:
IEEE Transactions on Dependable and Secure Computing
Abstract:
We describe Instruction-Set Randomization (ISR), a general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoffs' principle to create OS process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that (randomized) environment, causing a runtime exception. Our approach is applicable to machine-language programs and scripting and interpreted languages. We discuss three approaches (protection for Intel x86 executables, Perl scripts, and SQL queries), one from each of the above categories. Our goal is to demonstrate the generality and applicability of ISR as a protection mechanism. Our emulator-based prototype demonstrates the feasibility ISR for x86 executables and should be directly usable on a suitably modified processor. We demonstrate how to mitigate the significant performance impact of emulation-based ISR by using several heuristics to limit the scope of randomized (and interpreted) execution to sections of code that may be more susceptible to exploitation. The SQL prototype consists of an SQL query-randomizing proxy that protects against SQL injection attacks with no changes to database servers, minor changes to CGI scripts, and with negligible performance overhead. Similarly, the performance penalty of a randomized Perl interpreter is minimal. Where the performance impact of our proposed approach is acceptable (i.e., in an already-emulated environment, in the presence of programmable or specialized hardware, or in interpreted languages), it can serve as a broad protection mechanism and complement other security mechanisms.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1109/TDSC.2008.58
Item views:
135
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use