Where academic tradition
meets the exciting future

A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification

Sampsa Rauti, Samuel Laurén, Joni Uitto, Shohreh Hosseinzadeh, Jukka Ruohonen, Sami Hyrynsalmi, Ville Leppänen, A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification. In: Billy Bob Brumley, Juha Röning (Eds.), Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings, Lecture Notes in Computer Science (LNCS) 10014, 152–168, Springer International Publishing, 2016.

http://dx.doi.org/10.1007/978-3-319-47560-8_10

Abstract:

The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On one hand, the trusted programs in the system are accordingly modified so that they can use the diversified interfaces. On the other hand, the malicious code injected into a system does not know the diversification secret, that is the language of the diversified system, and thus it is rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most interfaces we found have already been diversified as proof-of-concept implementations but diversification is not widely used in practical systems.

BibTeX entry:

@INPROCEEDINGS{inpRaLaUiHoRuHyLe16a,
  title = {A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification},
  booktitle = {Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings},
  author = {Rauti, Sampsa and Laurén, Samuel and Uitto, Joni and Hosseinzadeh, Shohreh and Ruohonen, Jukka and Hyrynsalmi, Sami and Leppänen, Ville},
  volume = {10014},
  series = {Lecture Notes in Computer Science (LNCS)},
  editor = {Brumley, Billy Bob and Röning, Juha},
  publisher = {Springer International Publishing},
  pages = {152–168},
  year = {2016},
}

Belongs to TUCS Research Unit(s): Software Development Laboratory (SwDev)

Publication Forum rating of this publication: level 1

Edit publication