Refereed article in conference proceedings (A4)
Diversification of System Calls in Linux Binaries
List of Authors: Sampsa Rauti, Samuel Laurén, Shohreh Hosseinzadeh, Jari-Matti Mäkelä, Sami Hyrynsalmi, Ville Leppänen
Editors: Moti Yung, Liehuang Zhu, Yanjiang Yang
Conference name: International Conference on Trusted Systems
Publication year: 2015
Book title *: Trusted systems. Proceedings of the 6th International Conference on Trustworthy Systems (InTrust 2014)
Title of series: Security and cryptology
Volume number: 9473
Start page: 15
End page: 35
Number of pages: 21
ISBN: 978-3-319-27997-8
ISSN: 0302-9743
DOI: http://dx.doi.org/10.1007/978-3-319-27998-5
In this paper, we analyze the presence of system calls in the ELF binaries. We study the locations of system calls in the software layers of Linux and also examine how many binaries in the whole system use system calls.
Additionally, we discuss the different ways system calls are coded in ELF binaries and the challenges this causes for the diversification process. Also, we present a diversification tool and also suggest several solutions to overcome the difficulties faced in system call diversification. The amount of problematic system calls is small, and our diversification tool manages to diversify the clear majority of system calls present in standard-like Linux configurations. For diversifying all the remaining system calls, we consider several possible approaches.