Web server protection by customized instruction set encoding

Authors:
Bernhard Fechner;Jörg Keller;Andreas Wohlfeld
Affiliations:
FernUniversität in Hagen, FB Informatik, LG Parallelität und VLSI, Hagen, Germany;FernUniversität in Hagen, FB Informatik, LG Parallelität und VLSI, Hagen, Germany;FernUniversität in Hagen, FB Informatik, LG Parallelität und VLSI, Hagen, Germany
Venue:
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Year:
2006

Citing 9
Cited 0

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Computer viruses: theory and experiments

Computers and Security
A Pathology of Computer Viruses

A Pathology of Computer Viruses
Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Randomized instruction set emulation to disrupt binary code injection attacks

Proceedings of the 10th ACM conference on Computer and communications security
A framework for obfuscated interpretation

ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
HIDE: an infrastructure for efficiently protecting information leakage on the address bus

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
The top speed of flash worms

Proceedings of the 2004 ACM workshop on Rapid malcode
On-Chip Lookup Tables for Fast Symmetric-Key Encryption

ASAP '05 Proceedings of the 2005 IEEE International Conference on Application-Specific Systems, Architecture Processors

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a novel technique to secure the execution of a processor against the execution of malicious code (trojans, viruses). The main idea is to permute parts of the opcode values so that it gets a different semantic meaning. A virus which does not know the permutation is not able to execute and will cause a failure such as segmentation violation, whereby the execution of malicious code is prevented. The permutation is realized by a lookup table. We develop several variants that require only small changes to microprocessors. We sketch how to bootstrap a system such that all intended applications (including operating system) are reversely permuted, and can execute as intended. While this will be cumbersome for typical personal computers, it will work for web servers, because the number of applications and frequency of installation is lower. Furthermore, web servers are particularly endangered: they cannot be protected as good as personal computers, because by the very nature of their duty they are more openly connected with the internet than any other computer in an organization's network.