DocumentCode :
493142
Title :
Against Code Injection with System Call Randomization
Author :
Liang, Zhaohui ; Liang, Bin ; Li, Luping ; Chen, Wei ; Kang, Qingqing ; Gu, Yingqin
Author_Institution :
Sch. of Inf., Renmin Univ. of China, Beijing
Volume :
1
fYear :
2009
fDate :
25-26 April 2009
Firstpage :
584
Lastpage :
587
Abstract :
The existing code injection attack defense methods have some deficiencies on performance overhead and effectiveness. In order to ensure the system performance, we propose a method that uses system call randomization to counter code injection attacks based on instruction set randomization idea. An injected code would perform its actions with system calls. System call randomization on operating system level will prevent the injected code from executing correctly. Moreover, with an extended compiler, our method can perform source code randomization during compiling and implement binary executable files randomization by feature matching. The experiments show that our method can effectively counter variety code injection attacks with low overhead.
Keywords :
operating systems (computers); security of data; code injection attack defense methods; feature matching; instruction set randomization idea; operating system; source code randomization; system call randomization; Communication system security; Computer networks; Counting circuits; Data security; Equations; Information security; Kernel; Laboratories; Operating systems; Wireless communication; Code Injection; Randomization; Ssystem Call;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
Type :
conf
DOI :
10.1109/NSWCTC.2009.39
Filename :
4908334
Link To Document :
بازگشت