David Evans
Purdue University
Center for Education and Research in Information Assurance and Security (CERIAS)
9 March 2005
Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key. In this talk, I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm into an ISR-protected network. The attack is plausible under a variety of realistic conditions and can infect an ISR-protected server in under 6 minutes. Our results provide insights into properties necessary for ISR implementations to be secure and suggest ways to improve ISR designs. I will speculate on more general architectures for using diversity that can avoid the need to keep secrets from potential attackers that is inherent in previous diversity-based defenses such as ISR and memory address randomization.
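The following is an added toy model of the incremental guessing strategy the abstract refers to; it is illustration written for this page, not the authors' attack code, and it does not reproduce the x86-specific details of the talk or paper. It assumes a RISE-style ISR that XORs every code byte with a per-address key, a three-instruction toy machine (NOP, RET and a two-byte relative JMP, using x86-like encodings), and a server that keeps the same key across requests and lets the attacker observe three outcomes: a normal return, a hang (timeout), or a crash. Under those assumptions each key byte is recovered independently with at most 256 probes, so the cost grows linearly with the number of key bytes the attacker needs rather than exponentially.

```python
"""Toy model of incremental key guessing against an XOR-based ISR.

Added illustration only (not code from the talk or paper). The server
decodes injected bytes with a per-address XOR key and runs them on a
three-instruction machine; the attacker learns the key one byte at a time
by watching whether the server crashes, hangs, or returns normally.
"""
import random

# Opcodes of the toy machine (x86-like encodings, an assumption of this model).
NOP, RET, JMP = 0x90, 0xC3, 0xEB
JMP_SELF = 0xFE  # rel8 of -2: `jmp $`, an infinite loop the attacker sees as a timeout


class IsrServer:
    """Server whose injected code is decoded with a fixed per-address key stream."""

    def __init__(self, key: bytes):
        # Same key for every request: models a forking server that never re-keys.
        self._key = key

    def run(self, injected: bytes) -> str:
        """Decode and execute injected bytes; return the attacker-observable outcome."""
        code = bytes(c ^ k for c, k in zip(injected, self._key))
        pc = 0
        while True:
            if pc >= len(code):
                return "crash"  # fell off the end into unknown (effectively random) bytes
            op = code[pc]
            if op == NOP:
                pc += 1
            elif op == RET:
                return "ok"  # request handler returns normally
            elif op == JMP:
                if pc + 1 < len(code) and code[pc + 1] == JMP_SELF:
                    return "hang"  # jumps to itself: observable as a timeout
                return "crash"  # any other target is unpredictable
            else:
                return "crash"  # undecodable instruction: fault


def encode(plain: bytes, key: bytes) -> bytes:
    """What an attacker who knows the key sends so the server decodes `plain`."""
    return bytes(p ^ k for p, k in zip(plain, key))


def recover_key(oracle, key_len: int) -> tuple[bytes, int]:
    """Incremental guessing: at most 256 probes per byte instead of 256**key_len total.

    Byte 0 uses a one-byte 'return attack' (decoded RET -> "ok"); every later
    byte uses a 'jump attack' where the already-known prefix is encoded as
    NOPs followed by JMP, and the guessed byte must decode to the -2 operand
    (-> "hang"). A wrong guess yields a different byte, which crashes.
    """
    known = bytearray()
    probes = 0
    for i in range(key_len):
        if i == 0:
            plain, expect = bytes([RET]), "ok"
        else:
            plain, expect = bytes([NOP] * (i - 1) + [JMP, JMP_SELF]), "hang"
        found = None
        for guess in range(256):
            cipher = encode(plain[:i], known) + bytes([plain[i] ^ guess])
            probes += 1
            if oracle(cipher) == expect:
                found = guess
                break
        if found is None:
            raise RuntimeError(f"no guess produced the expected outcome for key byte {i}")
        known.append(found)
    return bytes(known), probes


def demo(key_len: int = 8, seed: int = 1) -> dict:
    """Generate a random key (seeded for reproducibility), recover it, report the cost."""
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(key_len))
    server = IsrServer(key)
    recovered, probes = recover_key(server.run, key_len)
    # With the key known, an arbitrary payload can be encoded for the server.
    payload_ok = server.run(encode(bytes([NOP, NOP, RET]), recovered)) == "ok"
    return {
        "recovered": recovered == key,
        "payload_runs": payload_ok,
        "probes": probes,
        "brute_force": 256 ** key_len,
    }


if __name__ == "__main__":
    print(demo())
```

The model makes the talk's point concrete: what leaks is not the key itself but the attacker's ability to tell outcomes apart across requests under an unchanged key, so an implementation that re-keys after every crash, or that makes a wrong guess indistinguishable from a right one, removes the oracle that the incremental strategy depends on.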
CERIAS Seminar Page
RealVideo Stream of Presentation
Slides: [PPT, 39 slides] [PDF, 7 pages]
Paper: [PDF, 16 pages] [HTML]
David Evans - Talks, University of Virginia Department of Computer Science
David Evans, evans@virginia.edu