| Attackers aim to take over the control of computer systems by exploiting the vulnerabilities found in the applications or the operating system services. The most popular vulnerabilities are buffer overflows in the heap or stack, integer overflows and format string vulnerabilities. Such vulnerabilities allow the attacker to run binary code of his own choice on the victim system. The reason such attacks are very successful is that the systems under attack are mostly homogeneous, i.e. the memory layout of the vulnerable process is the same among a particular version of an operating system. We propose to introduce diversity into the victim systems by creating heterogeneous environments for each process on these systems. We define four ways to monitor target processes based on temporal and spatial properties. Monitoring can be performed before or after the target process starts. This is the temporal property. The spatial property is to monitor the target from within the same address context or from a separate context. Randomizing the address space of the target process comprises rebasing all the modules that may be useful to an attacker and guarding of data structures that are impossible to relocate. The implementation of rebasing modules and enforcing access control has been done in user mode, whereas the rebasing of the executable module without relocation information has been implemented in kernel mode as a wrapper around the original page fault handler of the operating system. |
