Symbol diversification of linux binaries

Samuel Lauren; Petteri Maki; Sampsa Rauti; Shohreh Hosseinzadeh; Sami Hyrynsalmi; Ville Leppanen

doi:10.1109/WorldCIS.2014.7028170

Symbol diversification of linux binaries

Samuel Lauren, Petteri Maki, Sampsa Rauti, Shohreh Hosseinzadeh, Sami Hyrynsalmi, Ville Leppanen

Tutkimustuotos: Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

15 Sitaatiot (Scopus)

Abstrakti

In this paper, we advocate large-scale diversification as a method to protect operating systems and render malicious programs ineffective. The idea is to diversify all the indirect library entry points to the system calls on a specific computer. As a result, it becomes very difficult for a piece of malware to access resources. The diversification of indirect system call entry points in operating system libraries is unique for each computer. Therefore, a piece of malware no longer works on several computers and becomes incompatible with their environment. We also present a concrete diversification tool and results on successful diversification. We conclude that despite some challenges, our tool can successfully diversify symbols in binaries and associated libraries in order to protect the system from attacks.

Alkuperäiskieli	Englanti
Otsikko	2014 World Congress on Internet Security, WorldCIS 2014
Kustantaja	IEEE
Sivut	74-79
Sivumäärä	6
ISBN (elektroninen)	9781908320421
DOI - pysyväislinkit	https://doi.org/10.1109/WorldCIS.2014.7028170
Tila	Julkaistu - 30 tammik. 2014
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	2014 World Congress on Internet Security, WorldCIS 2014 - London, Iso-Britannia Kesto: 8 jouluk. 2014 → 10 jouluk. 2014

Conference

Conference	2014 World Congress on Internet Security, WorldCIS 2014
Maa/Alue	Iso-Britannia
Kaupunki	London
Ajanjakso	8/12/14 → 10/12/14

!!ASJC Scopus subject areas

Computer Networks and Communications
Software

Pääsy asiakirjaan

10.1109/WorldCIS.2014.7028170

Siteeraa tätä

@inproceedings{03ffa8ccff3149a6ba03690a604eb9d9,

title = "Symbol diversification of linux binaries",

abstract = "In this paper, we advocate large-scale diversification as a method to protect operating systems and render malicious programs ineffective. The idea is to diversify all the indirect library entry points to the system calls on a specific computer. As a result, it becomes very difficult for a piece of malware to access resources. The diversification of indirect system call entry points in operating system libraries is unique for each computer. Therefore, a piece of malware no longer works on several computers and becomes incompatible with their environment. We also present a concrete diversification tool and results on successful diversification. We conclude that despite some challenges, our tool can successfully diversify symbols in binaries and associated libraries in order to protect the system from attacks.",

author = "Samuel Lauren and Petteri Maki and Sampsa Rauti and Shohreh Hosseinzadeh and Sami Hyrynsalmi and Ville Leppanen",

year = "2014",

month = jan,

day = "30",

doi = "10.1109/WorldCIS.2014.7028170",

language = "English",

pages = "74--79",

booktitle = "2014 World Congress on Internet Security, WorldCIS 2014",

publisher = "IEEE",

address = "United States",

note = "2014 World Congress on Internet Security, WorldCIS 2014 ; Conference date: 08-12-2014 Through 10-12-2014",

}

TY - GEN

T1 - Symbol diversification of linux binaries

AU - Lauren, Samuel

AU - Maki, Petteri

AU - Rauti, Sampsa

AU - Hosseinzadeh, Shohreh

AU - Hyrynsalmi, Sami

AU - Leppanen, Ville

PY - 2014/1/30

Y1 - 2014/1/30

N2 - In this paper, we advocate large-scale diversification as a method to protect operating systems and render malicious programs ineffective. The idea is to diversify all the indirect library entry points to the system calls on a specific computer. As a result, it becomes very difficult for a piece of malware to access resources. The diversification of indirect system call entry points in operating system libraries is unique for each computer. Therefore, a piece of malware no longer works on several computers and becomes incompatible with their environment. We also present a concrete diversification tool and results on successful diversification. We conclude that despite some challenges, our tool can successfully diversify symbols in binaries and associated libraries in order to protect the system from attacks.

AB - In this paper, we advocate large-scale diversification as a method to protect operating systems and render malicious programs ineffective. The idea is to diversify all the indirect library entry points to the system calls on a specific computer. As a result, it becomes very difficult for a piece of malware to access resources. The diversification of indirect system call entry points in operating system libraries is unique for each computer. Therefore, a piece of malware no longer works on several computers and becomes incompatible with their environment. We also present a concrete diversification tool and results on successful diversification. We conclude that despite some challenges, our tool can successfully diversify symbols in binaries and associated libraries in order to protect the system from attacks.

U2 - 10.1109/WorldCIS.2014.7028170

DO - 10.1109/WorldCIS.2014.7028170

M3 - Conference contribution

AN - SCOPUS:84949926860

SP - 74

EP - 79

BT - 2014 World Congress on Internet Security, WorldCIS 2014

PB - IEEE

T2 - 2014 World Congress on Internet Security, WorldCIS 2014

Y2 - 8 December 2014 through 10 December 2014

ER -

Symbol diversification of linux binaries

Abstrakti

Conference

!!ASJC Scopus subject areas

Pääsy asiakirjaan

Sormenjälki

Siteeraa tätä