A heuristic policy-based system call interposition in Dynamic Binary Translation

Dynamic binary translation (DBT) is a well known software technology that enables seamless cross-ISA execution. Unfortunately, many malicious programs that may lead to unauthorized access can run easily and unrestrictedly under the DBT system. Because these malicious programs must go through the system call interface to take malicious action, system call interposition has become a widely used technique for intrusion detection and prevention. In this paper, we present HPSCIBit, a solution that efficiently confines malicious applications, supports automatic policy generation and interactive policy generation, intrusion detection and prevention in the DBT system. The experimental result on SPEC2000 CINT benchmarks shows that HPSCIBit is an effective and low overhead solution to the cross-ISA security issues.