Preventing Malicious Attacks by Diversifying Linux Shell

In instruction set diversification, a “language” used in a system is uniquely diversified in order to protect software against malicious attacks. In this paper, we apply diversification to Linux shell commands in order to prevent malware from taking advantage of the functionality they provide. When the Linux shell commands are diversified, malware no longer knows the correct commands and cannot use the shell to achieve its goals. We demonstrate this by using Shellshock as an example. This paper presents a scheme that diversifies the commands of Bash, the most widely used Linux shell, and all the scripts in the system. The feasibility of our scheme is tested with a proof-of-concept implementation. We also present a study on the extent of changes required to make all the trusted scripts and applications in the system use the new diversified shell commands.

Joni Uitto, Sampsa Rauti, Samuel Lauren, Ville Leppänen (University of Turku): Preventing Malicious Attacks by Diversifying Linux Shell.

Presented at the 14th Symposium on Programming Languages and Software Tools (SPLST’15).
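
The idea in the abstract can be sketched as follows. This is an added example, not the paper's proof-of-concept: the HMAC-derived naming scheme, the command subset, the secret and the sample scripts are all assumptions made for illustration. It rewrites a trusted script to use per-system command names and models a shell that resolves only those names.

```python
import hashlib
import hmac
import re

# Assumed subset; the paper's scheme covers all Bash commands.
COMMANDS = ("echo", "cat", "rm", "wc", "chmod")

# Word in command position: line start or after ; | & ( `  (simplified;
# a production rewriter needs a real shell parser to handle quoting).
_CMD_POS = re.compile(r"(^[ \t]*|[;|&(`][ \t]*)([A-Za-z_][\w.-]*)", re.M)


def build_map(secret: bytes, commands=COMMANDS) -> dict:
    """Derive one per-system name per command (naming scheme is assumed)."""
    return {
        c: c + "_" + hmac.new(secret, c.encode(), hashlib.sha256).hexdigest()[:8]
        for c in commands
    }


def rewrite_script(script: str, mapping: dict) -> str:
    """Rewrite a trusted script so it calls the diversified names."""
    return _CMD_POS.sub(
        lambda m: m.group(1) + mapping.get(m.group(2), m.group(2)), script)


def rejected_commands(script: str, mapping: dict) -> list:
    """Commands a diversified shell would fail to resolve.

    Models a shell that knows only the diversified names, so any
    original (undiversified) command name is rejected.
    """
    known = set(mapping.values())
    return [m.group(2) for m in _CMD_POS.finditer(script)
            if m.group(2) not in known]


# Constructed sample inputs.
SECRET = b"per-host-secret (constructed)"
TRUSTED = "cat /etc/hostname | wc -l\necho done && rm -f /tmp/job.lock\n"
INJECTED = "echo probe; cat /etc/hostname"

if __name__ == "__main__":
    m = build_map(SECRET)
    print(rewrite_script(TRUSTED, m))
    print(rejected_commands(rewrite_script(TRUSTED, m), m))  # trusted script
    print(rejected_commands(INJECTED, m))                    # injected text
```

A trusted command missing from the mapping would also be rejected, which is why the rewrite has to cover every script and application on the system.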
