ACSAC
2006
IEEE

Known/Chosen Key Attacks against Software Instruction Set Randomization

Instruction Set Randomization (ISR) has been proposed as a form of defense against binary code injection into an executing program. One proof-of-concept implementation is Randomized Instruction Set Emulator (RISE), based on the open-source Valgrind IA-32 to IA-32 binary translator. Although RISE is effective against attacks that are not RISE-aware, it is vulnerable to pure data and hybrid data-code attacks that target its data, as well as to some classes of brute-force guessing. In order to enable the design of a production version, we describe implementation-specific and generic vulnerabilities that can be used to overcome RISE in its current form. We present and discuss attacks and solutions in three categories: known-key attacks that rely on the key being leaked and then used to pre-scramble the attacking code; chosen-key attacks that use implementation weaknesses to allow the attacker to define its own key, or otherwise affect key generation; and key-guessing (“brute-force”) attack...
Yoav Weiss, Elena Gabriela Barrantes
Added: 10 Jun 2010
Updated: 10 Jun 2010
Type: Conference
Year: 2006
Where: ACSAC
Authors: Yoav Weiss, Elena Gabriela Barrantes