Diversification of System Calls in Linux Binaries

Sampsa Rauti, Samuel Laurén, Shohreh Hosseinzadeh, Jari-Matti Mäkelä, Sami Hyrynsalmi, Ville Leppänen, Diversification of System Calls in Linux Binaries. In: Moti Yung, Liehuang Zhu, Yanjiang Yang (Eds.), Trusted Systems --- 6th International Conference, INTRUST 2014, Beijing, China, December 16-17, 2014, Revised Selected Papers, Lecture Notes in Computer Science, 15–35, Beijing Institute of Technology, 2014.

http://dx.doi.org/10.1007/978-3-319-27998-5_2

Abstract:

This paper studies the idea of using large-scale diversification to protect operating systems and make malware ineffective. The idea is to first diversify the system call interface on a specific computer so that it becomes very challenging for a piece of malware to access resources, and to combine this with the recursive diversification of system library routines indirectly invoking system calls. Because of this unique diversification (i.e. a unique mapping of system call numbers), a large group of computers would have the same functionality but differently diversified software layers and user applications. A malicious program now becomes incompatible with its environment. The basic flaw of operating system monoculture – the vulnerability of all software to the same attacks – would be fixed this way.
Specifically, we analyze the presence of system calls in ELF binaries. We study the locations of system calls in the software layers of Linux and examine how many binaries in the whole system use system calls. Additionally, we discuss the different ways system calls are encoded in ELF binaries and the challenges this causes for the diversification process. We also present a diversification tool and suggest several solutions to overcome the difficulties faced in system call diversification. The number of problematic system calls is small, and our diversification tool manages to diversify the clear majority of system calls present in standard-like Linux configurations. For diversifying all the remaining system calls, we consider several possible approaches.

BibTeX entry:

@INPROCEEDINGS{inpRaLaHoMxHyLe14a,
  title = {Diversification of System Calls in Linux Binaries},
  booktitle = {Trusted Systems --- 6th International Conference, INTRUST 2014, Beijing, China, December 16-17, 2014, Revised Selected Papers},
  author = {Rauti, Sampsa and Laurén, Samuel and Hosseinzadeh, Shohreh and Mäkelä, Jari-Matti and Hyrynsalmi, Sami and Leppänen, Ville},
  series = {Lecture Notes in Computer Science},
  editor = {Yung, Moti and Zhu, Liehuang and Yang, Yanjiang},
  publisher = {Beijing Institute of Technology},
  pages = {15--35},
  year = {2014},
  ISSN = {0302-9743},
}

Belongs to TUCS Research Unit(s): Software Development Laboratory (SwDev)

Publication Forum rating of this publication: level 1