David Evans - University of Virginia
Mar 09, 2005
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Where's the FEEB? Effectiveness of Instruction Set Randomization"
Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key. In this talk, I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network. The attack is plausible under a variety of realistic conditions and can infect an ISR-protected server in under 6 minutes. Our results provide insights into properties necessary for ISR implementations to be secure and suggest ways to improve to ISR designs. I will speculate on more general architectures for using diversity that can avoid the need to keep secrets from potential attacker that is inherent in previous diversity-based defenses such as ISR and memory address randomization.
About the Speaker
David Evans is an Assistant Professor at the University of Virginia. He has SB, SM and PhD degrees in Computer Science from MIT. His research interests include program analysis, exploiting properties of the physical world for security, and applications of cryptography. For more information, see http://www.cs.virginia.edu/evans/
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...