TY - GEN
T1 - MTD
T2 - 5th International Symposium on Computer Science and Intelligent Controls, ISCSIC 2021
AU - Masumoto, Takeshi
AU - Kyi Oo, Wai Kyi
AU - Koide, Hiroshi
N1 - Funding Information:
T?is research is supported by ?he Japan Socie?y for ?he e?romotion o? Science and Technology ?eLST) S?ra?egic
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - The purpose of our research is to provide defense against code injection attacks on the system. Code injection attack is one of the most dangerous attacks to a system, which can even give an attacker a chance to fully compromise the system by executing arbitrary code. Moving Target Defense (MTD) can protect the system from attacks by dynamically changing the target area of attacks including vulnerability as well as reduce the reachability of attacks. System call randomization is an MTD technique that disables code injection attacks by randomizing the mapping between system call numbers and the functions called by them. The purpose of system call randomization is to limit the processing and resources that the injected program can perform and access. As system calls are the only way for user applications to access system resources, randomizing system calls can give attackers more difficulty to achieve their goals, even if they can inj ect the program. Existing system call randomization techniques once performed randomization before loading the program, however, such methods only once in advance have no effect when information about randomization is disclosed to attackers. In this paper, we propose a method of re-randomizing multiple times at runtime to solve this problem. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-Time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-Time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs.
AB - The purpose of our research is to provide defense against code injection attacks on the system. Code injection attack is one of the most dangerous attacks to a system, which can even give an attacker a chance to fully compromise the system by executing arbitrary code. Moving Target Defense (MTD) can protect the system from attacks by dynamically changing the target area of attacks including vulnerability as well as reduce the reachability of attacks. System call randomization is an MTD technique that disables code injection attacks by randomizing the mapping between system call numbers and the functions called by them. The purpose of system call randomization is to limit the processing and resources that the injected program can perform and access. As system calls are the only way for user applications to access system resources, randomizing system calls can give attackers more difficulty to achieve their goals, even if they can inj ect the program. Existing system call randomization techniques once performed randomization before loading the program, however, such methods only once in advance have no effect when information about randomization is disclosed to attackers. In this paper, we propose a method of re-randomizing multiple times at runtime to solve this problem. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-Time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-Time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs.
UR - http://www.scopus.com/inward/record.url?scp=85124150272&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85124150272&partnerID=8YFLogxK
U2 - 10.1109/ISCSIC54682.2021.00054
DO - 10.1109/ISCSIC54682.2021.00054
M3 - Conference contribution
AN - SCOPUS:85124150272
T3 - Proceedings - 2021 International Symposium on Computer Science and Intelligent Controls, ISCSIC 2021
SP - 257
EP - 263
BT - Proceedings - 2021 International Symposium on Computer Science and Intelligent Controls, ISCSIC 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 12 November 2021 through 14 November 2021
ER -