A4 Vertaisarvioitu artikkeli konferenssijulkaisussa
A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification
Tekijät: Rauti S, Lauren S, Uitto J, Hosseinzadeh S, Ruohonen J, Hyrynsalmi S, Leppänen V
Toimittaja: Brumley BB, Röning J
Konferenssin vakiintunut nimi: Nordic Conference on Secure IT Systems
Kustantaja: Springer International Publishing
Julkaisuvuosi: 2016
Kokoomateoksen nimi: Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings
Sarjan nimi: Lecture Notes in Computer Science (LNCS)
Vuosikerta: 10014
Aloitussivu: 152
Lopetussivu: 168
Sivujen määrä: 17
ISBN: 978-3-319-47559-2
eISBN: 978-3-319-47560-8
ISSN: 0302-9743
DOI: https://doi.org/10.1007/978-3-319-47560-8_10
Verkko-osoite: http://dx.doi.org/10.1007/978-3-319-47560-8_10
The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On one hand, the trusted programs in the system are accordingly modified so that they can use the diversified interfaces. On the other hand, the malicious code injected into a system does not know the diversification secret, that is the language of the diversified system, and thus it is rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most interfaces we found have already been diversified as proof-of-concept implementations but diversification is not widely used in practical systems.
