Randomized instruction set emulation

Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Darko Stefanović

Research output: Contribution to journal (Article)

105 Citations (Scopus)

Abstract

Injecting binary code into a running program is a common form of attack. Most defenses employ a "guard the doors" approach, blocking known mechanisms of code injection. Randomized instruction set emulation (RISE) is a complementary method of defense, one that performs a hidden randomization of an application's machine code. If foreign binary code is injected into a program running under RISE, it will not be executable because it will not know the proper randomization. The paper describes and analyzes RISE, describing a proof-of-concept implementation built on the open-source Valgrind IA32-to-IA32 translator. The prototype effectively disrupts binary code injection attacks, without requiring recompilation, linking, or access to application source code. Under RISE, injected code (attacks) essentially executes random code sequences. Empirical studies and a theoretical model are reported which treat the effects of executing random code on two different architectures (IA32 and PowerPC). The paper discusses possible extensions and applications of the RISE technique in other contexts.

Original language: English (US)
Pages (from-to): 3-40
Number of pages: 38
Journal: ACM Transactions on Information and System Security
Volume: 8
Issue number: 1
DOI: 10.1145/1053283.1053286
State: Published - Feb 1 2005
Externally published: Yes

Fingerprint

Binary codes

Keywords

  • Automated diversity
  • Randomized instruction sets
  • Software diversity

ASJC Scopus subject areas

  • Computer Science (all)
  • Safety, Risk, Reliability and Quality

Cite this

Randomized instruction set emulation. / Barrantes, Elena Gabriela; Ackley, David H.; Forrest, Stephanie; Stefanović, Darko.

In: ACM Transactions on Information and System Security, Vol. 8, No. 1, 01.02.2005, p. 3-40.

Barrantes, Elena Gabriela ; Ackley, David H. ; Forrest, Stephanie ; Stefanović, Darko. / Randomized instruction set emulation. In: ACM Transactions on Information and System Security. 2005 ; Vol. 8, No. 1. pp. 3-40.
@article{e41b40ac31434d348f82a9150984ae83,
title = "Randomized instruction set emulation",
abstract = "Injecting binary code into a running program is a common form of attack. Most defenses employ a {"}guard the doors{"} approach, blocking known mechanisms of code injection. Randomized instruction set emulation (RISE) is a complementary method of defense, one that performs a hidden randomization of an application's machine code. If foreign binary code is injected into a program running under RISE, it will not be executable because it will not know the proper randomization. The paper describes and analyzes RISE, describing a proof-of-concept implementation built on the open-source Valgrind IA32-to-IA32 translator. The prototype effectively disrupts binary code injection attacks, without requiring recompilation, linking, or access to application source code. Under RISE, injected code (attacks) essentially executes random code sequences. Empirical studies and a theoretical model are reported which treat the effects of executing random code on two different architectures (IA32 and PowerPC). The paper discusses possible extensions and applications of the RISE technique in other contexts.",
keywords = "Automated diversity, Randomized instruction sets, Software diversity",
author = "Barrantes, {Elena Gabriela} and Ackley, {David H.} and Stephanie Forrest and Darko Stefanović",
year = "2005",
month = "2",
day = "1",
doi = "10.1145/1053283.1053286",
language = "English (US)",
volume = "8",
pages = "3--40",
journal = "ACM Transactions on Information and System Security",
issn = "1094-9224",
publisher = "Association for Computing Machinery (ACM)",
number = "1",

}

TY - JOUR

T1 - Randomized instruction set emulation

AU - Barrantes, Elena Gabriela

AU - Ackley, David H.

AU - Forrest, Stephanie

AU - Stefanović, Darko

PY - 2005/2/1

Y1 - 2005/2/1

N2 - Injecting binary code into a running program is a common form of attack. Most defenses employ a "guard the doors" approach, blocking known mechanisms of code injection. Randomized instruction set emulation (RISE) is a complementary method of defense, one that performs a hidden randomization of an application's machine code. If foreign binary code is injected into a program running under RISE, it will not be executable because it will not know the proper randomization. The paper describes and analyzes RISE, describing a proof-of-concept implementation built on the open-source Valgrind IA32-to-IA32 translator. The prototype effectively disrupts binary code injection attacks, without requiring recompilation, linking, or access to application source code. Under RISE, injected code (attacks) essentially executes random code sequences. Empirical studies and a theoretical model are reported which treat the effects of executing random code on two different architectures (IA32 and PowerPC). The paper discusses possible extensions and applications of the RISE technique in other contexts.

KW - Automated diversity

KW - Randomized instruction sets

KW - Software diversity

UR - http://www.scopus.com/inward/record.url?scp=16644362894&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=16644362894&partnerID=8YFLogxK

U2 - 10.1145/1053283.1053286

DO - 10.1145/1053283.1053286

M3 - Article

AN - SCOPUS:16644362894

VL - 8

SP - 3

EP - 40

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

SN - 1094-9224

IS - 1

ER -