Where

Page Content

David Evans - University of Virginia

Mar 09, 2005

Size:

Download: MP4 Video   Watch in your Browser (Flash Required)   RealVideo

Abstract

Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key. In this talk, I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network. The attack is plausible under a variety of realistic conditions and can infect an ISR-protected server in under 6 minutes. Our results provide insights into properties necessary for ISR implementations to be secure and suggest ways to improve to ISR designs. I will speculate on more general architectures for using diversity that can avoid the need to keep secrets from potential attacker that is inherent in previous diversity-based defenses such as ISR and memory address randomization.

About the Speaker

David Evans is an Assistant Professor at the University of Virginia. He has SB, SM and PhD degrees in Computer Science from MIT. His research interests include program analysis, exploiting properties of the physical world for security, and applications of cryptography. For more information, see http://www.cs.virginia.edu/evans/

Footer

Intranet Site