A4 Refereed article in a conference publication
A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification
Authors: Rauti S, Lauren S, Uitto J, Hosseinzadeh S, Ruohonen J, Hyrynsalmi S, Leppänen V
Editors: Brumley BB, Röning J
Conference name: Nordic Conference on Secure IT Systems
Publisher: Springer International Publishing
Publication year: 2016
Book title : Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings
Series title: Lecture Notes in Computer Science (LNCS)
Volume: 10014
First page : 152
Last page: 168
Number of pages: 17
ISBN: 978-3-319-47559-2
eISBN: 978-3-319-47560-8
ISSN: 0302-9743
DOI: https://doi.org/10.1007/978-3-319-47560-8_10
Web address : http://dx.doi.org/10.1007/978-3-319-47560-8_10
The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On one hand, the trusted programs in the system are accordingly modified so that they can use the diversified interfaces. On the other hand, the malicious code injected into a system does not know the diversification secret, that is the language of the diversified system, and thus it is rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most interfaces we found have already been diversified as proof-of-concept implementations but diversification is not widely used in practical systems.
