An Obfuscation-Based Approach against Injection Attacks

Sgandurra D
2011

Abstract

We present an obfuscation strategy to protect a program against injection attacks. The strategy represents the program as a set of code fragments, each lying between two consecutive system calls (the system blocks), and a graph that represents the execution order of the fragments (the system block graph). The system blocks and the system block graph are partitioned between two virtual machines (VMs). The Blocks-VM stores and executes the system blocks but does not store any information on how control flows across the system blocks. This information is represented only by the system block graph stored in the Graph-VM, which correctly sequences the system blocks by analyzing the system block graph and accessing the Blocks-VM. At run time, each time a system block ends, i.e. the program issues a system call, the execution of the Blocks-VM is frozen and control is transferred to the Graph-VM. After deducing the next system block to be executed from the system block graph, the current system block and the current system call, the Graph-VM updates the return address in the Blocks-VM so that the correct system block is executed, and then resumes the Blocks-VM. To protect code integrity, the Graph-VM also stores a hash of each block. The overall strategy results in a clean separation between the program and its control flow, which is important whenever the Graph-VM is under the full control of the user whereas the Blocks-VM may be attacked through code injection. The Graph-VM can discover these attacks because either the current system call is not present in the original program or the hash of the current block is invalid. In either case, the Graph-VM halts the execution of the program. We present the algorithm that maps the program source code into the system blocks and the system block graph, and discuss a first implementation of the run-time architecture along with some performance results.
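A minimal model of the Graph-VM check described in the abstract, added here as an illustration and not taken from the paper or its implementation. The block contents, syscall names, the use of SHA-256, and the names `GraphVM`, `run`, `BLOCKS` and `EDGES` are assumptions; the Blocks-VM is modelled as a dict of block bytes.

```python
import hashlib

class Halt(Exception):
    """The Graph-VM stops the program."""

def digest(code: bytes) -> str:
    # SHA-256 is an assumption; the abstract does not name the hash.
    return hashlib.sha256(code).hexdigest()

# Constructed sample program: three system blocks, each ending in a syscall.
BLOCKS = {"B0": b"setup; open", "B1": b"loop body; read|close", "B2": b"cleanup"}
# System block graph: (current block, syscall issued) -> next block.
EDGES = {("B0", "open"): "B1", ("B1", "read"): "B1", ("B1", "close"): "B2"}

class GraphVM:
    """Holds the graph and the reference hashes; never the code itself."""
    def __init__(self, blocks, edges, entry):
        self.hashes = {bid: digest(code) for bid, code in blocks.items()}
        self.edges = dict(edges)
        self.current = entry

    def on_syscall(self, blocks_vm_memory, syscall):
        """Invoked while the Blocks-VM is frozen; returns the next block."""
        code = blocks_vm_memory[self.current]
        if digest(code) != self.hashes[self.current]:
            raise Halt(f"{self.current}: hash mismatch")
        nxt = self.edges.get((self.current, syscall))
        if nxt is None:
            raise Halt(f"{self.current}: unexpected syscall {syscall}")
        self.current = nxt  # stands in for rewriting the return address
        return nxt

def run(memory, trace, entry="B0"):
    """Replay a syscall trace; return (blocks resumed, halt reason or None)."""
    monitor, resumed = GraphVM(BLOCKS, EDGES, entry), []
    try:
        for syscall in trace:
            resumed.append(monitor.on_syscall(memory, syscall))
    except Halt as halt:
        return resumed, str(halt)
    return resumed, None

if __name__ == "__main__":
    print(run(dict(BLOCKS), ["open", "read", "close"]))
    tampered = dict(BLOCKS, B1=b"injected payload")
    print(run(tampered, ["open", "read"]))
    print(run(dict(BLOCKS), ["open", "execve"]))
```

The three calls under `__main__` cover the normal path and the two halt conditions the abstract names: an invalid block hash and a system call that is absent from the original program.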
2011
Istituto di informatica e telematica - IIT
Computer architecture
Electronic mail
software obfuscation

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/176009
Citations
  • Scopus 3