Randomized instruction set emulation

ACM Transactions on Information and System Security

Volumn 8, Issue 1, 2005, Pages 3-40

  Barrantes, Elena Gabriela ^a,b   Ackley, David H ^a,b   Forrest, Stephanie ^a,b   Stefanović, Darko ^a,b  

^a UNIVERSITY OF NEW MEXICO   (United States)

^b University of New Mexico   (United States)

Author keywords

Automated diversity; Randomized instruction sets; Software diversity

Indexed keywords

AUTOMATED DIVERSITY; BINARY CODE; RANDOMIZED INSTRUCTION SETS; SOFTWARE DIVERSITY;

CODES (SYMBOLS); COMPUTER PROGRAMMING; COMPUTER PROGRAMMING LANGUAGES; CRYPTOGRAPHY; DISTRIBUTED COMPUTER SYSTEMS; INTERFACES (COMPUTER); MICROPROCESSOR CHIPS; PROBABILITY;

COMPUTER SOFTWARE;

EID: 16644362894     PISSN: 10949224     EISSN: None     Source Type: Journal    
DOI: 10.1145/1053283.1053286     Document Type: Article

References (68)

1. ANDERSON, R. 2003. "Trusted Computing" and competition policy - Issues for computing professionals. Upgrade IV, 3 (June), 35-41.
2. ARBAUGH, W. A. 2002. Improving the TCPA specification. IEEE Comput. 35, 8 (Aug.), 77-79.
3. AVIJIT, K., GUPTA, P., AND GUPTA, D. 2004. Tied, libsafeplus: Tools for dynamic buffer overflow protection. In Proceeding of the 13th USENIX Security Symposium. San Diego, CA.
4. AVIZIENIS, A. 1995. The methodology of N-version programming. In Software Fault Tolerance, M. Lyu, Ed. Wiley, New York, 23-46.
5. AVIZIENIS, A. AND CHEN, L. 1977. On the implementation of N-Version programming for software fault tolerance during execution. In Proceedings of IEEE COMPSAC 77. 149-155.
6. BALA, V., DUESTERWALD, E., AND BANERJIA, S. 2000. Dynamo: A transparent dynamic optimization system. In Proceedings of the ACM SIGPLAN '00 Conference on Programming language design and implementation. ACM Press, Vancouver, British Columbia, Canada, 1-12.
7. BARATLOO, A., SINGH, N., AND TSAI, T. 2000. Transparent run-time defense against stack smashing attacks. In Proceedings of the 2000 USENIX Annual Technical Conference (USENIX-00), Berkeley, CA. 251-262.
8. BARRANTES, E. G., ACKLEY, D., FORREST, S., PALMER, T., STEFANOVIC, D., AND Zovi, D. D. 2003. Randomized instruction set emulation to disrupt binary code injection attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC. 272-280.
9. BEST, R. M. 1979. Microprocessor for executing enciphered programs, U.S. Patent no. 4 168 396.
10. BEST, R. M. 1980. Preventing software piracy with crypto-microprocessors. In Proceedings of the IEEE Spring COMPCON '80, San Francisco, CA. 466-469.
11. BHATKAE, S., DUVARNEY, D., AND SEKAR, R. 2003. Address obfuscation: An approach to combat buffer overflows, format-string attacks and more. In Proceedings of the 12th USENIX Security Symposium, Washington, DC. 105-120.
12. BOYD, S. W. AND KEROMYTIS, A. D. 2004. SQLrand: Preventing SQL injection attacks. In Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference. Yellow Mountain, China. 292-302.
13. BRUENING, D., AMARASINGHE, S., AND DUESTERWALD, E. 2001. Design and implementation of a dynamic optimization framework for Windows. In 4th ACM Workshop on Feedback-Directed and Dynamic Optimization (FDDO-4).
14. BUTLER, T. R. 2004. Bochs. http://bochs.sourceforge.net/.
15. CHEW, M. AND SONG, D. 2002. Mitigating Buffer Overflows by Operating System Randomization. Tech. Rep. CMU-CS-02-197, Department of Computer Science, Carnegie Mellon University.
16. CHIUEH, T. AND Hsu, F.-H. 2001. Rad: A compile-time solution to buffer overflow attacks. In Proceedings of the 21st International Conference on Distributed Computing Systems (ICDCS), Phoenix, AZ. 409-420.
17. COHEN, F. 1993. Operating system protection through program evolution. Computers and Security 12, 6 (Oct.), 565-584.
18. CORE SECURITY. 2004. CORE security technologies, http://www1.corest.com/ home/home.php.
19. COWAN, C., BARRINGER, M., BEATTIE, S., AND KROAH-HARTMAN, G. 2001. Format guard: Automatic protection from printf format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington, DC. 191-199.
20. COWAN, C., BEATTIE, S., JOHANSEN, J., AND WAGLE, P. 2003. Pointguard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, Washington, DC. 91-104.
21. COWAN, C., HINTON, H., PU, C., AND WALPOLE, J. 2000. A cracker patch choice: An analysis of post hoc security techniques. In National Information Systems Security Conference (NISSC), Baltimore MD.
22. COWAN, C., Pu, C., MAIER, D., HINTON, H., BAKKE, P., BEATTIE, S., GRIEB, A., WAGLE, P., AND ZHANG, Q. 1998. Automatic detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX.
23. COWAN, C., WAGLE, P., PU, C., BEATTIE, S., AND WALPOLE, J. 2000b. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference and Exposition (DISCEX 2000). 119-129.
24. DALLAS SEMICONDUCTOR. 1999. DS5002FP secure microprocessor chip. http://pdfserv.maxim-ic.com/en/ds/DS5002FP.pdf.
25. DOR, N., RODEH, M., AND SAGIV, M. 2003. CSSV: Towards a realistic tool for statically detecting all buffer overflows in c. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation. 155-167.
26. ETOH, H. AND YODA, K. 2000. Protecting from stack-smashing attacks. Web publishing, IBM Research Division, Tokyo Research Laboratory, http://www.trl.ibm.com/projects/security/ssp/main.html. June 19.
27. ETOH, H. AND YODA, K. 2001. Propolice: Improved stack smashing attack detection. IPSJ SIG-Notes Computer Security (CSEC) 14 (Oct. 26).
28. FAYOLLE, P.-A. AND GLAUME, V. 2002. A buffer overflow study, attacks & defenses. Web publishing, ENSEIRB, http://www.wntrmute.com/docs/ ufferoverflow/report.html.
29. FORREST, S., SOMAYAJI, A., AND ACKLEY, D. 1997. Building diverse computer systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems. 67-72.
30. FRANTZEN, M. AND SHUEY, M. 2001. Stackghost: Hardware facilitated stack protection. In Proceedings of the 10th USENIX Security Symposium. Washington, DC.
31. GERA AND RIQ. 2002. Smashing the stack for fun and profit. Phrack B9, 11 (July 28).
32. HARPER, M. 2002. SQL injection attacks - Are you safe? In Sitepoint, http://www.sitepoint.com/article/794.
33. IBM. 2003. PowerPC Microprocessor Family: Programming Environments Manual for 64 and 32-Bit Microprocessors. Version 2.0. Number order nos. 253665, 253666, 253667, 253668.
34. INTEL CORPORATION. 2004. The IA-32 Intel Architecture Software Developer's Manual. Number order nos. 253665, 253666, 253667, 253668.
35. JIM, T., MORRISETT, G., GROSSMAN, D., HICKS, M., CHENEY, J., AND WANG, Y. 2002. Cyclone: A safe dialect of c. In Proceedings of the USENIX Annual Technical Conference, Monterey, CA. 275-288.
36. JONES, R. W. M. AND KELLY, P. H. 1997. Backwards-compatible bounds checking for arrays and pointers in C programs, In 3rd International Workshop on Automated Debugging. 13-26.
37. Kc, G. S., KEROMYTIS, A. D., AND PREVELAKIS, V. 2003. Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM Conference on Computer and Communications Security. ACM Press, Washington, DC. 272-280.
38. KIRIANSKY, V., BRUENING, D., AND AMARASINGHE, S. 2002. Secure execution via program sheperding. In Proceeding of the 11th USENIX Security Symposium, San Francisco, CA.
39. KLAIBER, A. 2000. The technology behind the crusoe processors. White Paper http://www.transmeta.com/pdf/white_papers/paper_aklaiber_19jan00.pdf. January.
40. KUHN, M. 1997. The TrustNo 1 Cryptoprocessor Concept. Tech. Rep. CS555 Report, Purdue University. April 04.
41. LAROCHELLE, D. AND EVANS, D. 2001. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington, DC. 177-190.
42. LHEE, K. AND CHAPIN, S. J. 2002. Type-assisted dynamic buffer overflow detection. In Proceeding of the 11th USENIX Security Symposium, San Francisco, CA. 81-88.
43. MILENKOVIĆ, M., MILENCOVIĆ, A., AND JOVANOV, E. 2004. A framework for trusted instruction execution via basic block signature verification. In Proceedings of the 42nd Annual Southeast Regional Conference (ACM SE'04). ACM Press, Huntsville, AL. 191-196.
44. NAHUM, E. M. 2002. Deconstructing specweb99. In Proceedings of 7th International Workshop on Web Content Caching and Distribution, Boulder, CO.
45. NEBENZAHL, D. AND WOOL, A. 2004. Install-time vaccination of Windows executables to defend against stack smashing attacks. In Proceedings of the 19th IFIP International Information Security Conference. Kluwer, Toulouse, France, 225-240.
46. NECULA, G. C., McPEAK, S., AND WEIMEE, W. 2002. Ccured: Type-safe retrofitting of legacy code. In Proceedings of the Symposium on Principles of Programming Languages. 128-139.
47. NERGAL. 2001, The advanced return-into-lib(c) exploits. Phrack 58, 4 (Dec.).
48. NETHERCOTE, N. AND SEWARD, J. 2003. Valgrind: A program supervision framework. In Electronic Notes in Theoretical Computer Science, O. Sokolsky and M. Viswanathan, Eds. Vol. 89. Elsevier, Amsterdam.
49. NEWSHAM, T. 2000. Format string attacks, http://www.securityfocus.eom/ archive/1/81565.
50. PAX TEAM. 2003. Documentation for the PaX project. See Homepage of The PaX Team. http://pax.grsecurity.net/docs/index.html.
51. PRASAD, M. AND CHIUEH, T. 2003. A binary rewriting defense against stack based overflow attacks. In Proceedings of the USENIX 2003 Annual Technical Conference, San Antonio, TX.
52. Pu, C., BLACK, A., COWAN, C., AND WALPOLE, J. 1996. A specialization toolkit to increase the diversity of operating systems. In Proceedings of the 1996 ICMAS Workshop on Immunity-Based Systems, Nara, Japan.
53. RANDELL, B. 1975. System structure for software fault tolerance. IEEE Trans. Software Eng. 1, 2, 220-232.
54. RUWASE, O. AND LAM, M. S. 2004. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium.
55. SCHNEIER, B. 1996. Applied Cryptography. Wiley, New York.
56. SECURITY Focus. 2003. CVS directory request double free heap corruption vulnerability. http://www.securityfocus.com/bid/6650.
57. SEWARD, J. AND NETHERCOTE, N. 2004. Valgrind, an open-source memory debugger for x86-GNU/Linux. http://valgrind.kde.org/.
58. SIMON, I. 2001. A comparative analysis of methods of defense against buffer overflow attacks. Web publishing, California State University, Hayward, http://www.mcs.csuhayward.edu/simon/security/boflo.html. January 31.
59. SPEC INC. 1999. Specweb99. Tech. Rep. SPEC web 99_Design.062999.html, SPEC Inc. June 29.
60. TCPA 2004. TCPA trusted computing platform alliance, http://www. trustedcomputing.org/home.
61. TOOL INTERFACE STANDARDS COMMITTEE. 1995. Executabk and Linking Format (ELF). Tool Interface Standards Committee.
62. TSAI, T. AND SINOH, N. 2001. Libsafe 2.0: Detection of format string vulnerability exploits. White Paper Version 3-21-01, Avaya Labs, Avaya Inc. February 6.
63. Tso, T. 1998. random.C: A strong random number generator, http://www.linuxsecurity.com/feature_stories/random.c.
64. VENDICATOR. 2000. StackShield: A stack smashing technique protection tool for Linux. http://angelfire.com/sk/stackshield.
65. WAGNER, D., FOSTER, J. S., BREWER, E. A., AND AIKEN, A. 2000. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, San Diego, CA. 3-17.
66. WILANDEE, J. AND KAMKAR, M. 2003. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proceedings of the 10th Network and Distributed System Security Symposium, San Diego, CA. 149-162.
67. Xu, J., KALBARCZYK, Z., AND IYER, R. K. 2003. Transparent runtime randomization for security. In Proceeding of the 22nd International Symposium on Reliable Distributed Systems (SRDS'03), Florence, Italy. 26-272.
68. Xu, J., KALBARCZYK, Z., PATEL, S., AND IYER, R. K. 2002. Architecture support for defending against buffer overflow attacks. In 2nd Workshop on Evaluating and Architecting System dependability (EASY), San Jose, CA. http://www.crhc.uiuc.edu/EASY/.