Runtime Defense against Code Injection Attacks Using Replicated Execution

Salamat Babak; Jackson Todd; Wagner Gregor; Wimmer Christian; Franz Michael

首页> 外文期刊>Dependable and Secure Computing, IEEE Transactions on >Runtime Defense against Code Injection Attacks Using Replicated Execution

【24h】

Runtime Defense against Code Injection Attacks Using Replicated Execution

机译：使用复制执行的代码注入攻击的运行时防御

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can compromise software. Multivariant execution is an intrusion detection mechanism that executes several slightly different versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. At runtime, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm when a discrepancy is detected. We present a monitoring mechanism that does not need any kernel privileges to supervise the variants. Many sources of inconsistencies, including asynchronous signals and scheduling of multithreaded or multiprocess applications, can cause divergence in behavior of variants. These divergences cause false alarms. We provide solutions to remove these false alarms. Our experiments show that the multivariant execution technique is effective in detecting and preventing code injection attacks. The empirical results demonstrate that dual-variant execution has on average 17 percent performance overhead when deployed on multicore processors.

机译：对计算机系统的攻击的数量和复杂性正在增加。这种增长需要适当的防御机制。入侵检测系统在破坏软件之前，在检测和破坏攻击方面起着重要作用。多变量执行是一种入侵检测机制，可以按步执行同一程序的几个略有不同的版本（称为变体）。这些变体被构建为在正常执行条件下具有相同的行为。但是，当变体受到攻击时，它们的执行行为存在可检测到的差异。在运行时，监视器会比较某些同步点上变量的行为，并在检测到差异时发出警报。我们提出了一种监视机制，该机制不需要任何内核特权即可监督变体。许多不一致的来源，包括异步信号和多线程或多进程应用程序的调度，都可能导致变量行为的差异。这些差异会导致错误警报。我们提供消除这些错误警报的解决方案。我们的实验表明，多变量执行技术可有效检测和防止代码注入攻击。实证结果表明，在多核处理器上部署时，双变量执行平均具有17％的性能开销。

著录项

来源
《Dependable and Secure Computing, IEEE Transactions on》 |2011年第4期|p.588-601|共14页
作者
Salamat Babak; Jackson Todd; Wagner Gregor; Wimmer Christian; Franz Michael;
展开▼
作者单位

University of California, Irvine, Irvine;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Intrusion detection; multivariant execution; n-variant execution; system call.;

机译：入侵检测;多变量执行;n变量执行;系统调用。;

相似文献

外文文献
中文文献
专利

1. Detecting Heap-Spraying Code Injection Attacks in Malicious Web Pages Using Runtime Execution [J] . YoungHan CHOI, HyoungChun KIM, DongHoon LEE IEICE Transactions on Communications . 2012,第5期

机译：使用运行时执行检测恶意网页中的堆喷射代码注入攻击
2. Runtime Countermeasures for Code Injection Attacks Against C and C++ Programs [J] . YVES YOUNAN, WOUTER JOOSEN, FRANK PIESSENS ACM Computing Surveys . 2012,第3期

机译：针对C和C ++程序的代码注入攻击的运行时对策
3. ROPSentry: Runtime defense against ROP attacks using hardware performance counters [J] . Sanjeev Das, Bihuan Chen, Mahintham Chandramohan, Computers & Security . 2018,第MARa期

机译：ROPSentry：使用硬件性能计数器的运行时防御ROP攻击
4. Secure and practical defense against code-injection attacks using software dynamic translation [C] . Wei Hu, Jason Hiser, Dan Williams, International conference on Virtual execution environments . 2006

机译：使用软件动态翻译对代码注入攻击进行安全实用的防御
5. Darts: A runtime based on the Codelet execution model. [D] . Suetterlein, Joshua. 2014

机译：飞镖：基于Codelet执行模型的运行时。
6. Not attackable or not crackable—How pre‐ and post‐attack defenses with different competition costs affect prey coexistence and population dynamics [O] . Elias Ehrlich, Ursula Gaedke 2018

机译：不可攻击或不可破解-具有不同竞争成本的攻击前和攻击后防御如何影响猎物共存和种群动态
7. Runtime Defense against Code Injection Attacks Using Replicated Execution [O] . B Salamat, T Jackson, G Wagner, 2011

机译：1使用复制执行的代码注入攻击的运行时防御
8. Secure and Practical Defense Against Code-Injection Attacks using Software Dynamic Translation [R] . Hu, W. , Hiser, J. , Williams, D. , 2006

机译：使用软件动态转换实现代码注入攻击的安全实用防御

Runtime Defense against Code Injection Attacks Using Replicated Execution

摘要

著录项

相似文献

相关主题

期刊订阅