Fast and practical instruction-set randomization for commodity systems

Georgios Portokalidis, Angelos D. Keromytis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

58 Scopus citations

Abstract

Instruction-set randomization (ISR) is a technique based on randomizing the "language" understood by a system to protect it from code-injection attacks. Such attacks were used by many computer worms in the past, but still pose a threat as it was confirmed by the recent Conficker worm outbreak, and the latest exploits targeting some of Adobe's most popular products. This paper presents a fast and practical implementation of ISR that can be applied on currently deployed software. Our solution builds on a binary instrumentation tool to provide an ISR-enabled execution environment entirely in software. Applications are randomized using a simple XOR function and a 16-bit key that is randomly generated every time an application is launched. Shared libraries can be also randomized using separate keys, and their randomized versions can be used by all applications running under ISR. Moreover, we introduce a key management system to keep track of the keys used in the system. To the best of our knowledge we are the first to apply ISR on truly shared libraries. Finally, we evaluate our implementation using real applications including the Apache web server, and the MySQL database server. For the first, we show that our implementation has negligible overhead (less than 1%) for static HTML loads, while the overhead when running MySQL can be as low as 75%. We see that our system can be used with little cost with I/O intensive network applications, while it can also be a good candidate for deployment with CPU intensive applications, in scenarios where security outweighs performance.

Original languageEnglish
Title of host publicationProceedings - 26th Annual Computer Security Applications Conference, ACSAC 2010
Pages41-48
Number of pages8
DOIs
StatePublished - 2010

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print)1063-9527

Keywords

  • code-injection
  • performance
  • randomization
  • security

Fingerprint

Dive into the research topics of 'Fast and practical instruction-set randomization for commodity systems'. Together they form a unique fingerprint.

Cite this