Chinese Journal of Network and Information Security ›› 2017, Vol. 3 ›› Issue (11): 29-39.doi: 10.11959/j.issn.2096-109x.2017.00216

• Academic paper • Previous Articles     Next Articles

Design and implementation of hardware-based dynamic instruction set randomization framework

San DU(),Hui SHU,Fei KANG   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing,Information Engineering University,Zhengzhou 450001,China
  • Revised:2017-10-19 Online:2017-11-01 Published:2017-11-30
  • Supported by:
    The National Key R&D Plan Program of China(2016YFB08011601)

Abstract:

All the existing ISR methods have some defects including stripping data from code segment is hard to accomplish,static ISR has fixed key and pseudo-random key is not secure.To introduce ISR technology into the se-curity protection of kernel layer and application layer,hardware-based dynamic instruction set randomization framework (HDISR) was designed and implemented,in which program code was encrypted at loading time.Kernel encryption uses kernel key and applications encryption uses a different user key per process.The experimental re-sults show that HDISR can degrade code injection attack to Denial of Service attack with less than 2.57% additional hardware and 0.31s startup delay of each megabyte code encryption.

Key words: code injection attack, instruction set randomization, dynamic instruction set randomization, kernel

CLC Number: 

No Suggested Reading articles found!