Title :
Against Code Injection with System Call Randomization
Author :
Liang, Zhaohui ; Liang, Bin ; Li, Luping ; Chen, Wei ; Kang, Qingqing ; Gu, Yingqin
Author_Institution :
Sch. of Inf., Renmin Univ. of China, Beijing
Abstract :
The existing code injection attack defense methods have some deficiencies on performance overhead and effectiveness. In order to ensure the system performance, we propose a method that uses system call randomization to counter code injection attacks based on instruction set randomization idea. An injected code would perform its actions with system calls. System call randomization on operating system level will prevent the injected code from executing correctly. Moreover, with an extended compiler, our method can perform source code randomization during compiling and implement binary executable files randomization by feature matching. The experiments show that our method can effectively counter variety code injection attacks with low overhead.
Keywords :
operating systems (computers); security of data; code injection attack defense methods; feature matching; instruction set randomization idea; operating system; source code randomization; system call randomization; Communication system security; Computer networks; Counting circuits; Data security; Equations; Information security; Kernel; Laboratories; Operating systems; Wireless communication; Code Injection; Randomization; Ssystem Call;
Conference_Titel :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.39