A Framework for Diversifying Windows Native APIs to Tolerate Code Injection Attacks
Gespeichert in:
| Titel: | A Framework for Diversifying Windows Native APIs to Tolerate Code Injection Attacks |
|---|---|
| Autoren: | Lynette Qu, Nguyen Tufan, Demir Jeff, Rowe Francis, Hsu Karl Levitt |
| Weitere Verfasser: | The Pennsylvania State University CiteSeerX Archives |
| Quelle: | http://mu.cs.ucdavis.edu/~fhsu/papers/asiaccs07.pdf. |
| Bestand: | CiteSeerX |
| Schlagwörter: | Engineering, General—Protection mechanisms General Terms Security, Diversity Keywords Diversity, Windows Native API, Code injection attacks |
| Beschreibung: | We present a framework to prevent code injection attacks in MS Windows using Native APIs in the operating system. By adopting the idea of diversity, this approach is implemented in a two-tier framework. The first tier permutes the Native API dispatch ID number so that only the Native API calls from legitimate sources are executed. The second tier provides an authentication process in case an attacker guesses the first-tier permutation order. The function call stack is back-traced to verify whether the original caller’s return address resides within the legitimate process. The process is terminated and an alert is generated when an attack is suspected. Experiments indicate that our approach poses no significant overhead. |
| Publikationsart: | text |
| Dateibeschreibung: | application/pdf |
| Sprache: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.87.5580; http://mu.cs.ucdavis.edu/~fhsu/papers/asiaccs07.pdf |
| Verfügbarkeit: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.87.5580 http://mu.cs.ucdavis.edu/~fhsu/papers/asiaccs07.pdf |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| Dokumentencode: | edsbas.F9A915FE |
| Datenbank: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | We present a framework to prevent code injection attacks in MS Windows using Native APIs in the operating system. By adopting the idea of diversity, this approach is implemented in a two-tier framework. The first tier permutes the Native API dispatch ID number so that only the Native API calls from legitimate sources are executed. The second tier provides an authentication process in case an attacker guesses the first-tier permutation order. The function call stack is back-traced to verify whether the original caller’s return address resides within the legitimate process. The process is terminated and an alert is generated when an attack is suspected. Experiments indicate that our approach poses no significant overhead. |
|---|