Key words
information security, program code protection, instruction set randomization, signature analyses, protection from reconnaissance.
articles
The author:
Styugin M. Published in
№ 3(75)
29 june 2018 year
Rubric: Data protection
Rubric: Data protection
Program code signature analysis technology to protect against exploitation of vulnerabilities
The problem of exploitation of program code vulnerabilities is one of the most relevant for ensuring
information systems security. This problem is frequently related to developer errors, to the lack of validation
of input data and to subroutines. Recently, many different solutions for this problem have been
proposed. However, their low efficiency is due to the inability to automatically separate a piece of code
that is useful (from the point of view of the system’s function) from a code or range of values that are
useless in terms of user value as well as those that are vulnerable. A method for analyzing a program
execution based on signatures is proposed in this work. Thus, the input data generate a certain algorithm
signature. Anomalies at the signature level indicate possible exploitation of vulnerabilities. Therefore,
we can launch anomalous activity in a sandbox or correct the program code based on anomalous activity
automatically. The implementation of the proposed technology uses a web server as an example
and exhibits a high efficiency for detecting any remote attacks on the program code. Shortcomings include
a high percentage of false positives. This percentage can be lowered by taking into account additional
analysis of input values, which may be a future development direction of this study.
The author:
Styugin M.
Degree:
PhD in Technique, Reshetnev Siberian State University of Science and Technology
Location:
Krasnoyarsk
