Thwarting Code-Injection Attacks Using SDT-Based ISR

Defense Advanced Research Projects Agency, Arlington, Virginia
Oct 01 2007

In the present method, ISR is implemented by software dynamic translation (SDT) using the Advanced Encryption Standard (AES), which has been approved by the United States government for protecting information classified at the SECRET level with a 128-bit key and at the TOP SECRET level with either a 192- or 256-bit key. The method does not require storage of the encryption key on the hard disk of the defending computer: the key is generated dynamically when the program is loaded. A further security benefit of this method is that a different key is used for each execution of an application program.

The SDT system used in this method provides a small, robust virtual execution environment for ensuring safe execution. The SDT system loads and encrypts the application program, decrypts the application-program instructions in preparation for execution, and determines whether the decrypted instructions are valid application instructions prior to execution. Hence, unlike related prior methods, this method does not involve reliance on detection of an exception during attempted execution of randomized injected code: instead, injected code is detected as it is prepared for execution.

In tests of the security of this method, vulnerabilities of various types were seeded into several popular server application programs and then attempts were made to exploit the vulnerabilities to inject code. In every test case, the injected code was detected and execution of the detected code was prevented.

The method has also been shown to be efficient enough (and, hence, practical) to be useful in protecting critical server application programs that are often targets of attacks. Measurements on an Apache Web server protected by this method showed a performance loss of only 5 to 15 percent relative to a natively executing Apache Web server (see figure). Similar measurements on a domain name server protected by this method showed a performance loss between 5 and 10 percent.
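The load-and-encrypt, decrypt, and validate-before-execution cycle described above can be sketched in Python. This is an added example, not code from the brief or from the University of Virginia system: the 8-byte `TAG` validity check, the block layout and all function names are assumptions, and an HMAC-SHA256 keystream stands in for AES so that only the standard library is needed.

```python
import hashlib
import hmac
import secrets

BLOCK = 16                # AES block size, kept so the layout matches
TAG = b"VALIDISR"         # assumed marker the loader places in every block
BODY = BLOCK - len(TAG)   # instruction bytes carried per block

class InjectedCode(Exception):
    pass

def _pad(key, n):
    # Stand-in for AES: per-block keystream from HMAC-SHA256 (stdlib only).
    return hmac.new(key, n.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def load_and_encrypt(code, key):
    # Loader: tag each chunk of instruction bytes, then encrypt the block.
    image = bytearray()
    for n, off in enumerate(range(0, len(code), BODY)):
        chunk = code[off:off + BODY].ljust(BODY, b"\x90")
        image += _xor(TAG + chunk, _pad(key, n))
    return image

def fetch(image, n, key):
    # Translator: decrypt block n and validate it before it can execute.
    plain = _xor(bytes(image[n * BLOCK:(n + 1) * BLOCK]), _pad(key, n))
    if not hmac.compare_digest(plain[:len(TAG)], TAG):
        raise InjectedCode(f"block {n} was not produced by the loader")
    return plain[len(TAG):]

def demo(key=None):
    key = key or secrets.token_bytes(16)       # fresh per run, memory only
    code = bytes(range(0x40, 0x50))            # constructed stand-in instructions
    image = load_and_encrypt(code, key)        # two encrypted blocks
    image[BLOCK:2 * BLOCK] = b"\xcc" * BLOCK   # constructed overwrite, never encrypted
    ok = fetch(image, 0, key)                  # legitimate block passes validation
    try:
        fetch(image, 1, key)
        return ok, False
    except InjectedCode:
        return ok, True                        # rejected before execution

if __name__ == "__main__":
    print(demo())
```

Bytes written into the image without the per-run key decrypt to a block that lacks the tag, so they are rejected while being prepared for execution rather than by a fault during execution.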
This work was done by Wei Hu, Jason Hiser, Dan Williams, Adrian Filipi, Jack W. Davidson, David Evans, John C. Knight, Anh Nguyen-Tuong, and Jonathan Rowanhill of the University of Virginia for the Defense Advanced Research Projects Agency. This Brief includes a Technical Support Package (TSP). Thwarting Code-Injection Attacks Using SDT-Based ISR (reference DARPA-0005) is currently available for download from the TSP library.