Issue No. 04 - October-December (2010 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2010.1
Ryan Riley , Qatar University, Doha
Xuxian Jiang , North Carolina State University, Raleigh
Dongyan Xu , Purdue University, West Lafayette
Code injection attacks, despite being well researched, continue to be a problem today. Modern architectural solutions such as the execute-disable bit and PaX have been useful in limiting the attacks; however, they enforce program layout restrictions and can oftentimes still be circumvented by a determined attacker. We propose a change to the memory architecture of modern processors that addresses the code injection problem at its very root by virtually splitting memory into code memory and data memory such that a processor will never be able to fetch injected code for execution. This virtual split memory system can be implemented as a software-only patch to an operating system and can be used to supplement existing schemes for improved protection. Furthermore, our system is able to accommodate a number of response modes when a code injection attack occurs. Our experiments with both benchmarks and real-world attacks show the system is effective in preventing a wide range of code injection attacks while incurring reasonable overhead.
Code injection, secure memory architecture.
R. Riley, D. Xu and X. Jiang, "An Architectural Approach to Preventing Code Injection Attacks," in IEEE Transactions on Dependable and Secure Computing, vol. 7, no. , pp. 351-365, 2010.