A practical method to confine sensitive API invocations on commodity hardware

Donghai Tian; Dingjun Qi; Li Zhan; Yuhang Yin; Changzhen Hu; Jingfeng Xue

doi:10.1007/978-3-319-64701-2_11

A practical method to confine sensitive API invocations on commodity hardware

Donghai Tian^*, Dingjun Qi, Li Zhan, Yuhang Yin, Changzhen Hu, Jingfeng Xue

^*此作品的通讯作者

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

Control-flow hijacking attacks are a very dangerous threat to software security in that they can hijack the programs execution to execute malicious code. There have been many solutions proposed for countering these attacks, but majority of them suffer from the following limitations: (1) Some methods could be bypassed by advanced code reuse attacks; (2) Some methods will incur considerable performance cost; (3) Some methods need to modify the target program. To address these problems, we present APIdefender, a kernel-based solution to defeat control-flow attacks. Our method is compatible with the existing software and hardware. The basic idea of our approach is to confine the sensitive API invocations by comparing the invocation context with the baseline information that is obtained by offline analysis. To perform the run-time enforcement for the API invocations, we leverage some commodity hardware features. The experiments show that APIdefender can detect malicious API invocations effectively with a little performance overhead.

源语言	英语
主期刊名	Network and System Security - 11th International Conference, NSS 2017, Proceedings
编辑	Zheng Yan, Refik Molva, Wojciech Mazurczyk, Raimo Kantola
出版商	Springer Verlag
页	145-159
页数	15
ISBN（印刷版）	9783319647005
DOI	https://doi.org/10.1007/978-3-319-64701-2_11
出版状态	已出版 - 2017
活动	11th International Conference on Network and System Security, NSS 2017 - Helsinki, 芬兰期限: 21 8月 2017 → 23 8月 2017

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	10394 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	11th International Conference on Network and System Security, NSS 2017
国家/地区	芬兰
市	Helsinki
时期	21/08/17 → 23/08/17

访问文件

10.1007/978-3-319-64701-2_11

其它文件与链接

链接到 Scopus 的出版物

引用此

Tian, D., Qi, D., Zhan, L., Yin, Y., Hu, C., & Xue, J. (2017). A practical method to confine sensitive API invocations on commodity hardware. 在 Z. Yan, R. Molva, W. Mazurczyk, & R. Kantola (编辑), Network and System Security - 11th International Conference, NSS 2017, Proceedings (页码 145-159). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 10394 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-64701-2_11

Tian, Donghai ; Qi, Dingjun ; Zhan, Li 等. / A practical method to confine sensitive API invocations on commodity hardware. Network and System Security - 11th International Conference, NSS 2017, Proceedings. 编辑 / Zheng Yan ; Refik Molva ; Wojciech Mazurczyk ; Raimo Kantola. Springer Verlag, 2017. 页码 145-159 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6baa7d2762cc4e58906c2c9ecef79b54,

title = "A practical method to confine sensitive API invocations on commodity hardware",

abstract = "Control-flow hijacking attacks are a very dangerous threat to software security in that they can hijack the programs execution to execute malicious code. There have been many solutions proposed for countering these attacks, but majority of them suffer from the following limitations: (1) Some methods could be bypassed by advanced code reuse attacks; (2) Some methods will incur considerable performance cost; (3) Some methods need to modify the target program. To address these problems, we present APIdefender, a kernel-based solution to defeat control-flow attacks. Our method is compatible with the existing software and hardware. The basic idea of our approach is to confine the sensitive API invocations by comparing the invocation context with the baseline information that is obtained by offline analysis. To perform the run-time enforcement for the API invocations, we leverage some commodity hardware features. The experiments show that APIdefender can detect malicious API invocations effectively with a little performance overhead.",

keywords = "Commodity hardware, Control-flow attacks, Kernel",

author = "Donghai Tian and Dingjun Qi and Li Zhan and Yuhang Yin and Changzhen Hu and Jingfeng Xue",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 11th International Conference on Network and System Security, NSS 2017 ; Conference date: 21-08-2017 Through 23-08-2017",

year = "2017",

doi = "10.1007/978-3-319-64701-2_11",

language = "English",

isbn = "9783319647005",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "145--159",

editor = "Zheng Yan and Refik Molva and Wojciech Mazurczyk and Raimo Kantola",

booktitle = "Network and System Security - 11th International Conference, NSS 2017, Proceedings",

address = "Germany",

}

Tian, D, Qi, D, Zhan, L, Yin, Y, Hu, C & Xue, J 2017, A practical method to confine sensitive API invocations on commodity hardware. 在 Z Yan, R Molva, W Mazurczyk & R Kantola (编辑), Network and System Security - 11th International Conference, NSS 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 10394 LNCS, Springer Verlag, 页码 145-159, 11th International Conference on Network and System Security, NSS 2017, Helsinki, 芬兰, 21/08/17. https://doi.org/10.1007/978-3-319-64701-2_11

A practical method to confine sensitive API invocations on commodity hardware. / Tian, Donghai; Qi, Dingjun; Zhan, Li 等.
Network and System Security - 11th International Conference, NSS 2017, Proceedings. 编辑 / Zheng Yan; Refik Molva; Wojciech Mazurczyk; Raimo Kantola. Springer Verlag, 2017. 页码 145-159 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 10394 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - A practical method to confine sensitive API invocations on commodity hardware

AU - Tian, Donghai

AU - Qi, Dingjun

AU - Zhan, Li

AU - Yin, Yuhang

AU - Hu, Changzhen

AU - Xue, Jingfeng

N1 - Publisher Copyright: © Springer International Publishing AG 2017.

PY - 2017

Y1 - 2017

N2 - Control-flow hijacking attacks are a very dangerous threat to software security in that they can hijack the programs execution to execute malicious code. There have been many solutions proposed for countering these attacks, but majority of them suffer from the following limitations: (1) Some methods could be bypassed by advanced code reuse attacks; (2) Some methods will incur considerable performance cost; (3) Some methods need to modify the target program. To address these problems, we present APIdefender, a kernel-based solution to defeat control-flow attacks. Our method is compatible with the existing software and hardware. The basic idea of our approach is to confine the sensitive API invocations by comparing the invocation context with the baseline information that is obtained by offline analysis. To perform the run-time enforcement for the API invocations, we leverage some commodity hardware features. The experiments show that APIdefender can detect malicious API invocations effectively with a little performance overhead.

AB - Control-flow hijacking attacks are a very dangerous threat to software security in that they can hijack the programs execution to execute malicious code. There have been many solutions proposed for countering these attacks, but majority of them suffer from the following limitations: (1) Some methods could be bypassed by advanced code reuse attacks; (2) Some methods will incur considerable performance cost; (3) Some methods need to modify the target program. To address these problems, we present APIdefender, a kernel-based solution to defeat control-flow attacks. Our method is compatible with the existing software and hardware. The basic idea of our approach is to confine the sensitive API invocations by comparing the invocation context with the baseline information that is obtained by offline analysis. To perform the run-time enforcement for the API invocations, we leverage some commodity hardware features. The experiments show that APIdefender can detect malicious API invocations effectively with a little performance overhead.

KW - Commodity hardware

KW - Control-flow attacks

KW - Kernel

UR - http://www.scopus.com/inward/record.url?scp=85028469845&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-64701-2_11

DO - 10.1007/978-3-319-64701-2_11

M3 - Conference contribution

AN - SCOPUS:85028469845

SN - 9783319647005

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 145

EP - 159

BT - Network and System Security - 11th International Conference, NSS 2017, Proceedings

A2 - Yan, Zheng

A2 - Molva, Refik

A2 - Mazurczyk, Wojciech

A2 - Kantola, Raimo

PB - Springer Verlag

T2 - 11th International Conference on Network and System Security, NSS 2017

Y2 - 21 August 2017 through 23 August 2017

ER -

Tian D, Qi D, Zhan L, Yin Y, Hu C , Xue J. A practical method to confine sensitive API invocations on commodity hardware. 在 Yan Z, Molva R, Mazurczyk W, Kantola R, 编辑, Network and System Security - 11th International Conference, NSS 2017, Proceedings. Springer Verlag. 2017. 页码 145-159. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-64701-2_11

A practical method to confine sensitive API invocations on commodity hardware

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此