Reverse Stack Execution
نویسندگان
چکیده
Introducing variability during program execution is an effective technique for fighting software monoculture which enables the quick spread of malicious code such as viruses and worms. Existing works in the area of automatic generation of execution variability have been limited to instruction randomization and heap allocation randomization, even though stack overflows are the predominant attack vectors used to inject malicious code. We present a compiler-based technique that introduces stack variance by reversing the stack growth direction, and is thus able to close this loophole. In this paper we discuss the steps necessary to reverse the stack growth direction for the Intel x86 instruction set which was designed for a single stack growth direction. The performance evaluation of our approach shows a negligible overhead for most applications. For one of the benchmark applications, we see a small performance gain.
منابع مشابه
Reverse Stack Execution in a Multi-Variant Execution Environment
Multi-variant execution allows detecting exploited vulnerabilities before they can cause any damage to systems. In this execution method, two or more slightly different variants of the same application are executed simultaneously on top of a monitoring layer. In the course of execution, the monitoring layer checks whether the instances are always in complying states. Any discrepancies raises an...
متن کاملElectric Power Generation with Reverse Electrodialysis
The computer simulation program of a practical scale reverse electrodialysis process has been developed based on the program for saline water electrodialysis. The program is applied to compute the performance of an industrial-scale reverse electrodialysis stack (effective membrane area S = 1 m × 1 m = 1 m2, cell pair number N = 300 pairs). The stack operatingconditions are optimized. Seaw...
متن کاملReverse Execution of Java Bytecode
We demonstrate a model, including operational semantics, for the reverse execution of stack-based code. We discuss our modification of the Kaffe implementation of the Java Virtual Machine, supporting a debugger capable of running Java bytecode backwards. We achieve reverse execution by logging the state lost during each operation or by directly reversing instructions. Our debugger has facilitie...
متن کاملDebugging Operating Systems with Time-Traveling Virtual Machines (Awarded General Track Best Paper Award!)
Operating systems are difficult to debug with traditional cyclic debugging. They are non-deterministic; they run for long periods of time; they interact directly with hardware devices; and their state is easily perturbed by the act of debugging. This paper describes a time-traveling virtual machine that overcomes many of the difficulties associated with debugging operating systems. Time travel ...
متن کاملPoster: Post-Intrusion Memory Forensics Analysis
A yet-to-be-solved but very vital problem in forensics analysis is accurate memory dump data type reverse engineering where the target process is not a priori specified and could be any of the running processes within the system. We present a lightweight system-wide solution that extracts data type information from the memory dump without its past execution traces. Our proposed solution constru...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007