A practical method to confine sensitive API invocations on commodity hardware

Donghai Tian*, Dingjun Qi, Li Zhan, Yuhang Yin, Changzhen Hu, Jingfeng Xue

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Control-flow hijacking attacks are a very dangerous threat to software security in that they can hijack the program's execution to execute malicious code. There have been many solutions proposed for countering these attacks, but the majority of them suffer from the following limitations: (1) Some methods could be bypassed by advanced code reuse attacks; (2) Some methods will incur considerable performance cost; (3) Some methods need to modify the target program. To address these problems, we present APIdefender, a kernel-based solution to defeat control-flow attacks. Our method is compatible with the existing software and hardware. The basic idea of our approach is to confine the sensitive API invocations by comparing the invocation context with the baseline information that is obtained by offline analysis. To perform the run-time enforcement for the API invocations, we leverage some commodity hardware features. The experiments show that APIdefender can detect malicious API invocations effectively with a little performance overhead.

Original language: English
Title of host publication: Network and System Security - 11th International Conference, NSS 2017, Proceedings
Editors: Zheng Yan, Refik Molva, Wojciech Mazurczyk, Raimo Kantola
Publisher: Springer Verlag
Pages: 145-159
Number of pages: 15
ISBN (Print): 9783319647005
DOIs
Publication status: Published - 2017
Event: 11th International Conference on Network and System Security, NSS 2017 - Helsinki, Finland
Duration: 21 Aug 2017 to 23 Aug 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10394 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 11th International Conference on Network and System Security, NSS 2017
Country/Territory: Finland
City: Helsinki
Period: 21/08/17 to 23/08/17

Keywords

  • Commodity hardware
  • Control-flow attacks
  • Kernel


Cite this

Tian, D., Qi, D., Zhan, L., Yin, Y., Hu, C., & Xue, J. (2017). A practical method to confine sensitive API invocations on commodity hardware. In Z. Yan, R. Molva, W. Mazurczyk, & R. Kantola (Eds.), Network and System Security - 11th International Conference, NSS 2017, Proceedings (pp. 145-159). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10394 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-64701-2_11