Unicode-proof Code Injection Attack on Windows CE - A Novel Approach of Evading Intrusion Detection System for Mobile Network
Code injection attacks are a major way of spreading malware on networks. The key part of a code injection attack is a small piece of code, called shellcode, which performs unauthorized operations when it is injected into software as part of valid data. On Windows CE, input data are often encoded using Unicode before being processed. In such cases, shellcode should be built in a way that bypasses such encoding; that is, it should be Unicode-proof. Unicode-proof shellcode also has the great advantage of evading intrusion detection systems. However, it is quite difficult to build Unicode-proof shellcode for the ARM architecture, on which most embedded devices are developed, because the subset of instructions that can be used to write Unicode-proof shellcode is very limited. Moreover, the instruction cache in the ARM processor restricts the application of self-modifying code, which is frequently used in shellcode writing. This research proposes an approach to building ARM Unicode-proof shellcode on Windows CE under these constraints. The approach applies to all versions of ARM processors and Windows CE, including systems evolved from Windows CE, such as Windows Mobile and Windows Phone. The shellcode is tested on three currently available devices.
Unicode-proof code injection Windows CE
Yang Song, Yuqing Zhang, Yingfei Sun, JingBo Yan
National Computer Network Intrusion Protection Center Graduate University of Chinese Academy of Scie School of Information Science and Engineering Graduate University of Chinese Academy of Sciences Bei Key Lab of Computer Networks and Information Security of Ministry of Education Xidian University Xia
International conference
Xi'an
English
116-120
2011-05-27 (date first posted online on the Wanfang platform; does not represent the paper's publication date)