Effective Memory Diversification in Legacy Systems

IF 0.8 Q4 ENGINEERING, ELECTRICAL & ELECTRONIC International Journal of Electrical and Computer Engineering Systems Pub Date : 2023-03-28 DOI:10.32985/ijeces.14.3.10

Heesun Yun, Daehee Jang

{"title":"Effective Memory Diversification in Legacy Systems","authors":"Heesun Yun, Daehee Jang","doi":"10.32985/ijeces.14.3.10","DOIUrl":null,"url":null,"abstract":"Memory corruption error is one of the critical security attack vectors against a wide range of software. Addressing this problem, modern compilers provide multiple features to fortify the software against such errors. However, applying compiler-based memory defense is problematic in legacy systems we often encounter in industry or military environments because source codes are unavailable. In this study, we propose memory diversification techniques tailored for legacy binaries to which we cannot apply state-of- the-art compiler-based solutions. The basic idea of our approach is to automatically patch the machine code instructions of each legacy system differently (e.g., a drone, or a vehicle firmware) without altering any semantic behavior of the software logic. As a result of our system, attackers must create a specific attack payload for each target by analyzing the particular firmware, thus significantly increasing exploit development time and cost. Our approach is evaluated by applying it to a stack and heap of multiple binaries, including PX4 drone firmware and other Linux utilities.","PeriodicalId":41912,"journal":{"name":"International Journal of Electrical and Computer Engineering Systems","volume":" ","pages":""},"PeriodicalIF":0.8000,"publicationDate":"2023-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Electrical and Computer Engineering Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32985/ijeces.14.3.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

Memory corruption error is one of the critical security attack vectors against a wide range of software. Addressing this problem, modern compilers provide multiple features to fortify the software against such errors. However, applying compiler-based memory defense is problematic in legacy systems we often encounter in industry or military environments because source codes are unavailable. In this study, we propose memory diversification techniques tailored for legacy binaries to which we cannot apply state-of- the-art compiler-based solutions. The basic idea of our approach is to automatically patch the machine code instructions of each legacy system differently (e.g., a drone, or a vehicle firmware) without altering any semantic behavior of the software logic. As a result of our system, attackers must create a specific attack payload for each target by analyzing the particular firmware, thus significantly increasing exploit development time and cost. Our approach is evaluated by applying it to a stack and heap of multiple binaries, including PX4 drone firmware and other Linux utilities.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

遗留系统中有效的内存分散

内存损坏错误是针对各种软件的关键安全攻击载体之一。为了解决这个问题，现代编译器提供了多种功能来增强软件以防止此类错误。然而，在工业或军事环境中经常遇到的遗留系统中，由于源代码不可用，应用基于编译器的内存防御是有问题的。在这项研究中，我们提出了为遗留二进制文件量身定制的内存多样化技术，我们无法将最先进的基于编译器的解决方案应用于这些二进制文件。我们方法的基本思想是在不改变软件逻辑的任何语义行为的情况下，以不同的方式自动修补每个遗留系统（例如，无人机或车辆固件）的机器代码指令。由于我们的系统，攻击者必须通过分析特定的固件为每个目标创建特定的攻击负载，从而显著增加漏洞开发时间和成本。我们的方法是通过将其应用于多个二进制文件的堆栈来评估的，其中包括PX4无人机固件和其他Linux实用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Electrical and Computer Engineering Systems ENGINEERING, ELECTRICAL & ELECTRONIC-

CiteScore

1.20

自引率

11.80%

发文量

期刊介绍： The International Journal of Electrical and Computer Engineering Systems publishes original research in the form of full papers, case studies, reviews and surveys. It covers theory and application of electrical and computer engineering, synergy of computer systems and computational methods with electrical and electronic systems, as well as interdisciplinary research. Power systems Renewable electricity production Power electronics Electrical drives Industrial electronics Communication systems Advanced modulation techniques RFID devices and systems Signal and data processing Image processing Multimedia systems Microelectronics Instrumentation and measurement Control systems Robotics Modeling and simulation Modern computer architectures Computer networks Embedded systems High-performance computing Engineering education Parallel and distributed computer systems Human-computer systems Intelligent systems Multi-agent and holonic systems Real-time systems Software engineering Internet and web applications and systems Applications of computer systems in engineering and related disciplines Mathematical models of engineering systems Engineering management.

期刊最新文献

A Four Slot Dual Feed and Dual Band Reconfigurable Antenna for Fixed Satellite Service Applications Improving Scientific Literature Classification: A Parameter-Efficient Transformer-Based Approach The New ADE-TLM Algorithm for Modeling Debye Medium Multi-Head CNN-based Software Development Risk Classification FOE NET: Segmentation of Fetal in Ultrasound Images Using V-NET