Your browser does not support JavaScript!

Home    Architectural support for instruction set randomization  

Results - Details

Add to Basket
[Add to Basket]
Identifier 000388639
Title Architectural support for instruction set randomization
Alternative Title Αρχιτεκτονική υποστήριξη για την τυχαιοποίηση του συνόλου των εντολών του επεξεργαστή
Author Λούτσης, Λαέρτης Η.
Thesis advisor Μαρκάτος, Ευάγγελος
Reviewer Ιωαννίδης, Σωτήρης
Παπαδοπούλη, Μαρία
Abstract Code injection attacks continue to pose a threat to today's computing sys¬tems, as they exploit software vulnerabilities to inject and execute arbitrary or malicious code. Instruction Set Randomization (ISR) is able to protect a system against remote machine code injection attacks by randomizing the instruction set of each process. This way, the attacker will inject invalid code that will fail to execute on the randomized processor and thus, the attack will fail as well. However, all the existing implementations of ISR are based on emulators and binary instrumentation tools that (i) incur a significant runtime performance overhead, (ii) limit the ease of deployment of ISR, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts trying to bypass ISR protection. To address these issues we propose ASIST: an architecture with hard-ware and operating system support for ISR. We present the design and implementation of ASIST by modifying a SPARC processor, mapping it onto an FPGA board and finally running our modified Linux kernel to support the new features. The operating system loads the randomization key of each running process into a newly defined register, and the modified processor decodes the process's instructions with this key before execution. Moreover, ASIST protects the system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges, by using a separate randomization key for the operating system. We show that ASIST transparently protects all applications and the op¬erating system kernel from machine code injection attacks with less than 1.5% runtime overhead, while only requiring 0.7% additional hardware.
Language English, Greek
Subject Encryption
ISR
Κρυπτογράφηση
Issue date 2014-11-21
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Views 503

Digital Documents
No preview available

Download document
View document
Views : 15