A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification

The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On one hand, the trusted programs in the system are accordingly modified so that they can use the diversified interfaces. On the other hand, the malicious code injected into a system does not know the diversification secret, that is the language of the diversified system, and thus it is rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most interfaces we found have already been diversified as proof-of-concept implementations but diversification is not widely used in practical systems.

Sampsa Rauti, Samuel Lauren, Joni Uitto, Shohreh Hosseinzadeh, Jukka Ruohonen, Sami Hyrynsalmi, Ville Leppänen (University of Turku): A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification

Presented at the 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016.

http://link.springer.com/chapter/10.1007/978-3-319-47560-8_10

Share on LinkedInGoogle+Tweet about this on TwitterShare on FacebookEmail to someone