The effectiveness of instruction set randomization

Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Nora Sovarel, David Evans, Nate Paul. To appear at USENIX Security, August 2005. The Effectiveness of Instruction Set Randomization. Nora Sovarel http://www.cs.virginia.edu/nora University of Virginia Computer Science

Presentation Transcript

The Effectiveness of Instruction Set Randomization

Nora Sovarel

http://www.cs.virginia.edu/nora

University of Virginia

Computer Science

2005 IEEE Symposium on Security and Privacy


Instruction Set Randomization

[Diagram labels: Encryption Key, Decryption Key, Compile, Load, In memory, Execution]


Jump Attack: jmp -2

2-byte instruction

Correct: infinite loop

Wrong:

Usually crashes

Sometimes false positive

False positives

Conditional jumps

Used to reduce the number of attempts (average 24 per byte)

[Figure: Jump Attack: jmp -2. Byte values shown: eb, fe, cd; addresses shown: 0xbfffe990, 0xbfffe991]


Requirements

  • Multiple guess attempts on same key

    • Server forks process

    • No rerandomization

  • Remotely observable behavior

  • Injection at known address

  • Simple encryption scheme

    • Byte-wise

    • Learn key from one plain/cipher pair


Conclusion

  • It sometimes works

  • Possible countermeasures

    • Rerandomize periodically

    • Stronger encryption
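
The following is an added example, not code from the slides or the paper: a toy model of why "no rerandomization" is a requirement and what "rerandomize periodically" changes. ToyServer and its functions are hypothetical, the byte-wise scheme is assumed to be XOR, and false positives are not modelled.

```python
import random

JMP_SELF = bytes([0xEB, 0xFE])  # "jmp -2" from the slides: hangs when decoded correctly

class ToyServer:
    """Constructed model, not a real ISR system: byte-wise XOR key (assumed scheme)."""

    def __init__(self, rerandomize, seed):
        self.rng = random.Random(seed)      # seeded so the run is repeatable
        self.rerandomize = rerandomize
        self.key = self._new_key()

    def _new_key(self):
        return bytes(self.rng.randrange(256) for _ in range(2))

    def handle(self, injected):
        """One forked child: return the remotely observable outcome."""
        if self.rerandomize:                # countermeasure: fresh key per child
            self.key = self._new_key()
        decoded = bytes(b ^ k for b, k in zip(injected, self.key))
        return "hang" if decoded == JMP_SELF else "crash"

def learn_key(server):
    """Sweep every 2-byte guess; a hang gives key = injected XOR plaintext."""
    for attempts, guess in enumerate(range(0x10000), start=1):
        injected = guess.to_bytes(2, "big")
        if server.handle(injected) == "hang":
            return bytes(g ^ p for g, p in zip(injected, JMP_SELF)), attempts
    return None, 0x10000

def replay_hangs(server, key, trials=2000):
    """How many later children still decode correctly under a learned key?"""
    injected = bytes(k ^ p for k, p in zip(key, JMP_SELF))
    return sum(server.handle(injected) == "hang" for _ in range(trials))

def compare(seed=1):
    """Return (fixed_key_replays, rerandomized_replays) out of 2000 trials each."""
    fixed = ToyServer(rerandomize=False, seed=seed)
    key, _ = learn_key(fixed)
    moving = ToyServer(rerandomize=True, seed=seed)
    stale_key, _ = learn_key(moving)        # may be None: a sweep can miss entirely
    return (replay_hangs(fixed, key),
            replay_hangs(moving, stale_key or bytes(2)))

if __name__ == "__main__":
    print(compare())
```

With a fixed key every replay decodes correctly; with a fresh key per child, a key learned from one probe is stale by the next one.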
