User Tools

Site Tools


code_injection

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
code_injection [2007/10/30 12:41]
ryan created
code_injection [2009/12/08 10:30] (current)
dxu
Line 1: Line 1:
 ====== Code Injection Prevention ====== ====== Code Injection Prevention ======
-This work presents a code injection prevention technique based on the observation that code injection attacks ​required ​a von Neumann memory architecture (that is, an architecture where code and data can come from the same memory space) in order to be successful. ​ We modify the Linux kernel to produce a Harvard architecture (one where code and data are separated) on a per process basis, hence preventing code injection attempts. ​ This work is most similar to the NX-bit in modern processors. ​ (In fact, non-executable pages are a subset of that protection this work provides.)+This work presents a code injection prevention technique based on the observation that code injection attacks ​require ​a von Neumann memory architecture (that is, an architecture where code and data can come from the same memory space) in order to be successful. ​ We modify the Linux kernel to produce a Harvard architecture (one where code and data are separated) on a per process basis, hence preventing code injection attempts. ​ This work is most similar to the NX-bit in modern processors. ​ (In fact, non-executable pages are a subset of that protection this work provides.)
  
 ===== Publications ===== ===== Publications =====
   * "An Architectural Approach to Preventing Code Injection Attacks."​ Ryan Riley, Xuxian Jiang, and Dongyan Xu. In //​Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks// ([[http://​2007.dsn.org/​|DSN 2007]]).   * "An Architectural Approach to Preventing Code Injection Attacks."​ Ryan Riley, Xuxian Jiang, and Dongyan Xu. In //​Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks// ([[http://​2007.dsn.org/​|DSN 2007]]).
-     * [[http://cairo.cs.purdue.edu/​pubs/​dsn07-codeinj.pdf|Paper]] in PDF format. +     * [[http://friends.cs.purdue.edu/​pubs/​dsn07-codeinj.pdf|Paper]] in PDF format. 
-     * [[http://cairo.cs.purdue.edu/​projects/​codeinj/​dsn07/​|Presentation]] as a Flash video.+     * [[http://friends.cs.purdue.edu/​projects/​codeinj/​dsn07/​|Presentation]] as a Flash video.
  
 +  * "An Architectural Approach to Preventing Code Injection Attacks."​ Ryan Riley, Xuxian Jiang, and Dongyan Xu. To appear in //IEEE Transactions on Dependable and Secure Computing (TDSC), Special Issue on DSN'​07.//​
  
 ===== Software ===== ===== Software =====
-The system is primarily a patch for Linux 2.6.13. ​ The code, such as it is, is available for download. ​ Feel free to grab a copy from [[http://cairo.cs.purdue.edu/​projects/​codeinj/​get.php|here]]. ​ There is a bit of documentation inside. ​ If you make improvements,​ find problems, etc. please pass back to us.+The system is primarily a patch for Linux 2.6.13. ​ The code, such as it is, is available for download. ​ Feel free to grab a copy from [[http://friends.cs.purdue.edu/​projects/​codeinj/​get.php|here]]. ​ There is a bit of documentation inside. ​ If you make improvements,​ find problems, etc. please pass it along to us. 
 + 
 +===== People ===== 
 +  * [[http://​www.cs.purdue.edu/​homes/​rileyrd/​|Ryan Riley]] 
 +  * [[http://​www.ise.gmu.edu/​~xjiang/​|Xuxian Jiang]] 
 +  * [[http://​www.cs.purdue.edu/​homes/​dxu/​|Dongyan Xu]]
  
  
code_injection.1193762464.txt.gz · Last modified: 2007/10/30 12:41 by ryan