The Community for Technology Leaders
Computer Security Applications Conference, Annual (2005)
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISSN: 1063-9527
ISBN: 0-7695-2461-3
pp: 286-302
Angelos D. Keromytis , Columbia University, New York, NY
Gaurav S. Kc , Google Inc., Mountain View, CA
ABSTRACT
<p>We present e-NeXSh, a novel security approach that utilises kernel and LIBC support for efficiently defending systems against process-subversion attacks. Such attacks exploit vulnerabilities in software to override its program control-flow and consequently invoke system calls, causing out-of-process damage. Our technique defeats such attacks by monitoring all LIBC function and system-call invocations, and validating them against process-specific information that strictly prescribes the permissible behaviour for the program (unlike general sandboxing techniques that require manually maintained, explicit policies, we use the program code itself as a guideline for an implicit policy). Any deviation from this behaviour is considered malicious, and we halt the attack, limiting its damage to within the subverted process.</p> <p>We implemented e-NeXSh as a set of modifications to the linux-2.4.18-3 kernel and a new user-space shared library (e-NeXSh.so). The technique is transparent, requiring no modifications to existing libraries or applications. e-NeXSh was able to successfully defeat both codeinjection and libc-based attacks in our effectiveness tests. The technique is simple and lightweight, demonstrating no measurable overhead for select UNIX utilities, and a negligible 1.55% performance impact on the Apache web server.</p>
INDEX TERMS
null
CITATION
Angelos D. Keromytis, Gaurav S. Kc, "e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing", Computer Security Applications Conference, Annual, vol. 00, no. , pp. 286-302, 2005, doi:10.1109/CSAC.2005.22
99 ms
(Ver )