MTD: Run-time System Call Mapping Randomization

2021 International Symposium on Computer Science and Intelligent Controls (ISCSIC) Pub Date : 2021-11-01 DOI:10.1109/ISCSIC54682.2021.00054

Takeshi Masumoto, Wai Kyi Kyi Oo, Hiroshi Koide

{"title":"MTD: Run-time System Call Mapping Randomization","authors":"Takeshi Masumoto, Wai Kyi Kyi Oo, Hiroshi Koide","doi":"10.1109/ISCSIC54682.2021.00054","DOIUrl":null,"url":null,"abstract":"The purpose of our research is to provide defense against code injection attacks on the system. Code injection attack is one of the most dangerous attacks to a system, which can even give an attacker a chance to fully compromise the system by executing arbitrary code. Moving Target Defense (MTD) can protect the system from attacks by dynamically changing the target area of attacks including vulnerability as well as reduce the reachability of attacks. System call randomization is an MTD technique that disables code injection attacks by randomizing the mapping between system call numbers and the functions called by them. The purpose of system call randomization is to limit the processing and resources that the injected program can perform and access. As system calls are the only way for user applications to access system resources, randomizing system calls can give attackers more difficulty to achieve their goals, even if they can inj ect the program. Existing system call randomization techniques once performed randomization before loading the program, however, such methods only once in advance have no effect when information about randomization is disclosed to attackers. In this paper, we propose a method of re-randomizing multiple times at runtime to solve this problem. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs.","PeriodicalId":431036,"journal":{"name":"2021 International Symposium on Computer Science and Intelligent Controls (ISCSIC)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Symposium on Computer Science and Intelligent Controls (ISCSIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCSIC54682.2021.00054","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The purpose of our research is to provide defense against code injection attacks on the system. Code injection attack is one of the most dangerous attacks to a system, which can even give an attacker a chance to fully compromise the system by executing arbitrary code. Moving Target Defense (MTD) can protect the system from attacks by dynamically changing the target area of attacks including vulnerability as well as reduce the reachability of attacks. System call randomization is an MTD technique that disables code injection attacks by randomizing the mapping between system call numbers and the functions called by them. The purpose of system call randomization is to limit the processing and resources that the injected program can perform and access. As system calls are the only way for user applications to access system resources, randomizing system calls can give attackers more difficulty to achieve their goals, even if they can inj ect the program. Existing system call randomization techniques once performed randomization before loading the program, however, such methods only once in advance have no effect when information about randomization is disclosed to attackers. In this paper, we propose a method of re-randomizing multiple times at runtime to solve this problem. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs.

查看原文本刊更多论文

运行时系统调用映射随机化

我们研究的目的是提供针对系统的代码注入攻击的防御。代码注入攻击是对系统最危险的攻击之一，它甚至可以让攻击者有机会通过执行任意代码来完全破坏系统。移动目标防御(MTD)通过动态改变包括漏洞在内的攻击目标区域来保护系统免受攻击，同时降低攻击的可达性。系统调用随机化是一种MTD技术，它通过随机化系统调用号码与其调用的函数之间的映射来禁用代码注入攻击。系统调用随机化的目的是限制被注入程序可以执行和访问的处理和资源。由于系统调用是用户应用程序访问系统资源的唯一途径，因此随机化系统调用会给攻击者实现目标增加难度，即使他们可以注入程序。现有的系统调用随机化技术曾经在加载程序之前执行过随机化，然而，当随机化的信息被泄露给攻击者时，这种方法只提前一次就没有效果。在本文中，我们提出了一种在运行时多次重新随机化的方法来解决这个问题。我们实现了一个直接编辑ELF可执行格式的脚本。事实上，作为在一个小程序上运行脚本的结果，我们成功地生成了一个新的可执行文件，并应用了该方法。我们的实验表明，运行时系统调用随机化对代码注入攻击是有效的，这种技术也可以应用于现有的编译程序。我们实现了一个直接编辑ELF可执行格式的脚本。事实上，作为在一个小程序上运行脚本的结果，我们成功地生成了一个新的可执行文件，并应用了该方法。我们的实验表明，运行时系统调用随机化对代码注入攻击是有效的，这种技术也可以应用于现有的编译程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 International Symposium on Computer Science and Intelligent Controls (ISCSIC)

自引率

0.00%

发文量