The effectiveness of instruction set randomization
This presentation is the property of its rightful owner.
Sponsored Links
1 / 6

The Effectiveness of Instruction Set Randomization PowerPoint PPT Presentation


  • 70 Views
  • Uploaded on
  • Presentation posted in: General

Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Nora Sovarel, David Evans, Nate Paul. To appear at USENIX Security, August 2005. The Effectiveness of Instruction Set Randomization. Nora Sovarel http://www.cs.virginia.edu/nora University of Virginia Computer Science

Download Presentation

The Effectiveness of Instruction Set Randomization

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The effectiveness of instruction set randomization

Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Nora Sovarel, David Evans, Nate Paul.To appear at USENIX Security, August 2005

The Effectiveness of Instruction Set Randomization

Nora Sovarel

http://www.cs.virginia.edu/nora

University of Virginia

Computer Science

2005 IEEE Symposium on Security and Privacy


Instruction set randomization

Instruction Set Randomization

Encryption Key

Decryption Key

Compile

Load

In memory

Execution


Jump attack jmp 2

2-byte instruction

Correct: infinite loop

Wrong:

Usually crashes

Sometimes false positive

False positives

Conditional jumps

Used to reduce the number of attempts (average 24 per byte)

Jump Attack: jmp -2

eb

eb

fe

fe

cd

0xbfffe990

0xbfffe991


Requirements

Requirements

  • Multiple guess attempts on same key

    • Server forks process

    • No rerandomization

  • Remotely observable behavior

  • Injection at known address

  • Simple encryption scheme

    • Byte-wise

    • Learn key from one plain/cipher pair


Conclusion

Conclusion

  • It sometimes works

  • Possible countermeasures

    • Rerandomize periodically

    • Stronger encryption

http://www.cs.virginia.edu/nora

Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Nora Sovarel, David Evans, Nate Paul. To appear at USENIX Security 2005


  • Login