An Alternate Memory Architecture for Code Injection Prevention
Ryan Riley - Purdue University
Jan 28, 2009Size: 224.6MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractCode injection attacks, in their various forms, have been in existence and been an area of consistent research for a number of years. A code injection attack is a method whereby an attacker inserts malicious code into a running computing system and transfers execution to his malicious code. In this way he can gain control of a running process or operating system due to the fact that his injected code will run at the same privilege level as the entity being attacked. At the user-level, these attacks can be used to gain access to a system through an application bug. At the kernel-level, they are commonly used to install kernel rootkits and hide an attacker's presence on a machine.
In this talk I will discuss code injection with regards to the memory architecture of modern computer systems. I will compare two common memory architectures, von Neumann and Harvard, with respect to their susceptibility to code injection attacks and the advantages and disadvantages of each in practice. Based on this, I will present a third memory architecture which is immune to code injection attacks and describe implementations of it that are able to stop code injection at the user and kernel levels. My experimental results show that this architecture is able to effectively and efficiently prevent code injection attacks against unmodified operating systems and applications running on standard x86 hardware.
About the SpeakerRyan Riley is a doctoral candidate and research assistant at Purdue University in West Lafayette, IN. His research interests include Operating System and Network Security, Intrusion Detection and Prevention, Virtualization Technology, Distributed Systems, and Cloud Computing . He received a bachelor's in Computer Engineering in 2004 and a master's in Computer Science in 2006. He is preparing to graduate with his Ph.D. In Computer Science in August 2009 and is hoping to enter academia.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.