TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Symbol diversification of linux binaries

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
Otsikko2014 World Congress on Internet Security, WorldCIS 2014
KustantajaInstitute of Electrical and Electronics Engineers Inc.
Sivut74-79
Sivumäärä6
ISBN (elektroninen)9781908320421
DOI - pysyväislinkit
TilaJulkaistu - 30 tammikuuta 2014
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
Tapahtuma2014 World Congress on Internet Security, WorldCIS 2014 - London, Iso-Britannia
Kesto: 8 joulukuuta 201410 joulukuuta 2014

Conference

Conference2014 World Congress on Internet Security, WorldCIS 2014
MaaIso-Britannia
KaupunkiLondon
Ajanjakso8/12/1410/12/14

Tiivistelmä

In this paper, we advocate large-scale diversification as a method to protect operating systems and render malicious programs ineffective. The idea is to diversify all the indirect library entry points to the system calls on a specific computer. As a result, it becomes very difficult for a piece of malware to access resources. The diversification of indirect system call entry points in operating system libraries is unique for each computer. Therefore, a piece of malware no longer works on several computers and becomes incompatible with their environment. We also present a concrete diversification tool and results on successful diversification. We conclude that despite some challenges, our tool can successfully diversify symbols in binaries and associated libraries in order to protect the system from attacks.