A Framework for Safeguarding System against Code Injection Attacks
A framework based on the Native API is proposed to prevent code injection attacks. The framework has two tiers and adopts the idea of diversity. The first tier rearranges the Native API dispatch ID numbers so that only Native API calls from legitimate sources are executed. The second tier provides an authentication process in case an attacker guesses the first-tier permutation order. The function call stack is back-traced to verify whether the original caller's return address resides within the legitimate process. When an attack is suspected, the process is terminated and an alert is generated. The experiments show that the approach has no significant overhead.
Native API; Code Injection Attacks; Filter driver
Feng Yao
Hubei Province Key Laboratory of Intelligent Robot, Wuhan Institute of Technology; School of Computer Science and Engineering, Wuhan Institute of Technology, Wuhan, Hubei, China
International conference
Wuhan
English
814-817
2010-06-06 (date first made available online on the Wanfang platform; does not represent the paper's publication date)