We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoff's principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that randomized processor, causing a runtime exception. To determine the difficulty of integrating support for the proposed mechanism in the operating system, we modified the Linux kernel, the GNU binutils tools, and the bochs-x86 emulator. Although the performance penalty is significant, our prototype demonstrates the feasibility of the approach, and should be directly usable on a suitable-modified processor (e.g., the Transmeta Crusoe).Our approach is equally applicable against code-injecting attacks in scripting and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modifying the Perl interpreter to permit randomized script execution. The performance penalty in this case is minimal. Where our proposed approach is feasible (i.e., in an emulated environment, in the presence of programmable or specialized hardware, or in interpreted languages), it can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.
展开▼
机译:我们描述了一种保护系统免受 any 类型的代码注入攻击的新通用方法。我们通过创建执行潜在易受攻击软件的系统的特定于进程的随机指令集(例如机器指令)来应用Kerckhoff原理。不知道随机化算法密钥的攻击者将注入对该随机化处理器无效的代码,从而导致运行时异常。为了确定在操作系统中集成对提议的机制的支持的难度,我们修改了Linux内核,GNU binutils 工具和 bochs-x86 仿真器。尽管性能损失很大,但是我们的原型证明了该方法的可行性,并且应该可以直接在经过适当修改的处理器(例如Transmeta Crusoe)上使用。我们的方法同样适用于代码-以脚本和解释语言注入攻击,例如例如基于Web的SQL注入。我们通过修改Perl解释器以允许随机脚本执行来证明这一点。在这种情况下,性能损失是最小的。在我们提出的方法可行的情况下(,即在仿真环境中,在存在可编程或专用硬件,或者使用解释语言的情况下),它可以充当低开销的保护机制,并且可以轻松实现补充其他机制。
展开▼
