Skip to main content
USENIX
  • Conferences
  • Students
Sign in

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home ยป Protecting Against Unexpected System Calls
Tweet

connect with us

Protecting Against Unexpected System Calls

Abstract: 

This paper proposes a comprehensive set of techniques which limit the scope of remote code injection attacks. These techniques prevent any injected code from making system calls and thus restrict the capabilities of an attacker. In defending against the traditional ways of harming a system these techniques significantly raise the bar for compromising the host system forcing the attack code to take extraordinary steps that may be impractical in the context of a remote code injection attack. There are two main aspects to our approach. The first is to embed semantic information into executables identifying the locations of legitimate system call instructions; system calls from other locations are treated as intrusions. The modifications we propose are transparent to user level processes that do not wish to use them (so that, for example, it is still possible to run unmodified third-party software), and add more security at minimal cost for those binaries that have the special information present. The second is to back this up using a variety of techniques, including a novel approach to encoding system call traps into the OS kernel, in order to deter mimicry attacks. Experiments indicate that our approach is effective against a wide variety of code injection attacks.

C. M. Linn, University of Arizona

M. Rajagopalan, University of Arizona

S. Baker, University of Arizona

C. Collberg, University of Arizona

S. K. Debray, University of Arizona

J. H. Hartman, University of Arizona

BibTeX
@inproceedings {269241,
author = {C. M. Linn and M. Rajagopalan and S. Baker and C. Collberg and S. K. Debray and J. H. Hartman},
title = {Protecting Against Unexpected System Calls},
booktitle = {14th USENIX Security Symposium (USENIX Security 05)},
year = {2005},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/14th-usenix-security-symposium/protecting-against-unexpected-system-calls},
publisher = {USENIX Association},
month = jul,
}
Download

Links

Paper: 
http://usenix.org/publications/library/proceedings/sec05/tech/full_papers/linn/linn.pdf
Paper (HTML): 
http://usenix.org/publications/library/proceedings/sec05/tech/full_papers/linn/linn_html/index.html
  • Log in or    Register to post comments

© USENIX

  • Privacy Policy
  • Contact Us