DocumentCode :
3113098
Title :
INSeRT: Protect Dynamic Code Generation against spraying
Author :
Wei, Tao ; Wang, Tielei ; Duan, Lei ; Luo, Jing
Author_Institution :
Inst. of Comput. Sci. & Technol., Peking Univ., Beijing, China
fYear :
2011
fDate :
26-28 March 2011
Firstpage :
323
Lastpage :
328
Abstract :
DCG (Dynamic Code Generation) technologies have found widely applications in the Web 2.0 era, and DCG-Spraying attack can easily circumvent DEP and ASLR protection mechanisms built in modern operating systems. We propose a new protection method, INSeRT, which combines randomization of intrinsic elements of machine instructions and randomly planted special trapping snippets. INSeRT practically renders the “sprayed code” ineffective, while alerts the host program of ongoing attacking attempts. We implemented a prototype of INSeRT on the V8 JavaScript engine with a performance overhead of less than 5%, which should be acceptable in practical application.
Keywords :
Internet; operating systems (computers); program compilers; ASLR protection; DCG spraying; DEP protection; INSeRT; V8 JavaScript engine; Web 2.0; dynamic code generation; machine instruction; operating system; sprayed code; Charge carrier processes; Engines; Internet; Payloads; Registers; Security; Spraying;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Science and Technology (ICIST), 2011 International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4244-9440-8
Type :
conf
DOI :
10.1109/ICIST.2011.5765261
Filename :
5765261
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3113098
بازگشت