October 16, 2004
Research Project
Currently I am working on putting ISR and Strata together to achieve both security and efficiency.
Prof. Jack Davidson wants to show the efficiency of doing derandomization in Strata, but Prof. Dave Evans wants to see more security, since this project also works as a malware project, which mainly serves security.
First, a simple jump to malicious code can be easily prevented in Strata by checking whether the address it jumps to violates its allowed range. So ISR against code injection can't buy much here. In order to justify the necessity of combining ISR and Strata, I must find some exploits which can work around the simple check but would be prevented by ISR.
Second, which encryption method should I use? Of course I'll try simple XOR operations first, but is it secure enough? For example, let's say the key is 64 bits long, but on x86, which has variable instruction lengths, simple instructions like jumps might be only one byte. So if a hacker somehow gets the first 16 bits by brute force, he can inject code like this:
A Malicious instruction; JUMP L1; xxx
L1: Another Malicious instruction; JUMP L2; xxx
L2: ...
Therefore, although the hacker doesn't know the high part of the key, he can still apply exploits.
So I should look for some stronger encryption method. However, would that increase the overhead?
Third, indirect jumps. Could Diablo identify all the headers of basic blocks, given that indirect jump targets are undecidable statically? However, it claims to be able to handle those cases by preserving more information. I must see whether such bad things will happen. If they do, there must be coordination between the randomizer and the derandomizer, namely on how to do the alignment.
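To make the weakness above concrete, here is an added simulation (not code from this post, from Strata or from ISR): a periodic 64-bit XOR key lets an attacker who knows only the first two key bytes predict the mask at every offset congruent to 0 or 1 mod 8, which is exactly the 2-byte slots the "instruction; JUMP" chain is confined to. The per-address keystream variant, the sample key and the sample bytes are constructed here as assumptions.

```python
import hashlib

KEY_LEN = 8  # the 64-bit key from the post


def isr_xor(code: bytes, key: bytes) -> bytes:
    """Toy XOR ISR: key byte (i mod 8) is reused at every byte offset i, so the
    transformation is periodic and encoding equals decoding."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(code))


def isr_keystream(code: bytes, key: bytes, base: int = 0) -> bytes:
    """Hypothetical stronger variant: each byte is masked with a keystream byte
    derived from the whole key and the byte's address, so no key byte is reused
    by position (constructed here with SHA-256; not Strata's or ISR's code)."""
    out = bytearray()
    for i, b in enumerate(code):
        mask = hashlib.sha256(key + (base + i).to_bytes(8, "little")).digest()[0]
        out.append(b ^ mask)
    return bytes(out)


def predictable_offsets(code_len: int, known_key_bytes: int, key_len: int = KEY_LEN) -> list:
    """Offsets whose XOR mask an attacker knows after recovering only the first
    known_key_bytes of a periodic key: with 2 known bytes these are the 2-byte
    slots (0-1, 8-9, ...) that the post's 'instruction; JUMP' chain lives in."""
    return [i for i in range(code_len) if i % key_len < known_key_bytes]


def survives_derandomization(scheme, code: bytes, key: bytes, known_key_bytes: int) -> float:
    """Fraction of injected bytes that the derandomizer decodes to what the attacker
    intended, when the attacker encodes with only a partial key (unknown bytes
    guessed as zero) and the derandomizer decodes with the real key."""
    partial_key = key[:known_key_bytes] + bytes(len(key) - known_key_bytes)
    injected = scheme(code, partial_key)
    decoded = scheme(injected, key)
    matches = sum(1 for a, b in zip(decoded, code) if a == b)
    return matches / len(code)


# Constructed sample: 64 bytes standing in for injected code, and a constructed 64-bit key.
SAMPLE_CODE = bytes(range(0x90, 0x90 + 64))
SAMPLE_KEY = bytes.fromhex("3a7f11c9d204e58b")

if __name__ == "__main__":
    print(predictable_offsets(16, 2))                                           # [0, 1, 8, 9]
    print(survives_derandomization(isr_xor, SAMPLE_CODE, SAMPLE_KEY, 2))        # 0.25
    print(survives_derandomization(isr_keystream, SAMPLE_CODE, SAMPLE_KEY, 2))  # close to 0
```

With the periodic XOR key, a quarter of every injected byte sequence decodes exactly as the attacker wrote it no matter how long the key is; with a per-address keystream, partial key knowledge gives no predictable positions at all, which is the property a replacement for plain XOR would need (at whatever derandomization cost it adds).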
Posted by Roy at October 16, 2004 11:53 PM