The SPARC architecture manual: version 8
The SPARC architecture manual: version 8
Bochs: A Portable PC Emulator for Unix/X
Linux Journal
Retargetable and reconfigurable software dynamic translation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
Computer
Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Secure and practical defense against code-injection attacks using software dynamic translation
Proceedings of the 2nd international conference on Virtual execution environments
Known/Chosen Key Attacks against Software Instruction Set Randomization
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Raksha: a flexible information flow architecture for software security
Proceedings of the 34th annual international symposium on Computer architecture
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
StackGhost: Hardware facilitated stack protection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Where's the FEEB? the effectiveness of instruction set randomization
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
PinOS: a programmable framework for whole-system dynamic instrumentation
Proceedings of the 3rd international conference on Virtual execution environments
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization
SRDS '07 Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security
Real-world buffer overflow protection for userspace & kernelspace
SS'08 Proceedings of the 17th conference on Security symposium
On the General Applicability of Instruction-Set Randomization
IEEE Transactions on Dependable and Secure Computing
PolyPack: an automated online packing service for optimal antivirus evasion
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Fast and practical instruction-set randomization for commodity systems
Proceedings of the 26th Annual Computer Security Applications Conference
Jump-oriented programming: a new class of code-reuse attack
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
The SPARCHS Project: Hardware Support for Software Security
SYSSEC '11 Proceedings of the 2011 First SysSec Workshop
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
A case for unlimited watchpoints
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Body armor for binaries: preventing buffer overflows without recompilation
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
kGuard: lightweight kernel protection against return-to-user attacks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Enhanced operating system security through efficient and fine-grained address space randomization
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Binary stirring: self-randomizing instruction addresses of legacy x86 binary code
Proceedings of the 2012 ACM conference on Computer and communications security
Improving integer security for systems with KINT
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
Code injection attacks continue to pose a threat to today's computing systems, as they exploit software vulnerabilities to inject and execute arbitrary, malicious code. Instruction Set Randomization (ISR) is able to protect a system against remote machine code injection attacks by randomizing the instruction set of each process. This way, the attacker will inject invalid code that will fail to execute on the randomized processor. However, all the existing implementations of ISR are based on emulators and binary instrumentation tools that (i) incur a significant runtime performance overhead, (ii) limit the ease of deployment of ISR, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts trying to bypass ISR protection. To address these issues we propose ASIST: an architecture with hardware and operating system support for ISR. We present the design and implementation of ASIST by modifying and mapping a SPARC processor onto an FPGA board and running our modified Linux kernel to support the new features. The operating system loads the randomization key of each running process into a newly defined register, and the modified processor decodes the process's instructions with this key before execution. Moreover, ASIST protects the system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges, by using a separate randomization key for the operating system. We show that ASIST transparently protects all applications and the operating system kernel from machine code injection attacks with less than 1.5% runtime overhead, while only requiring 0.7% additional hardware.