I read about instruction set randomization
in modern processors where a processor randomizes the instruction sets to avoid code injection attacks. Actually, the Wikipedia explanation is not clear to me. Kindly, can someone explain the process of it in a clear way? Is there a key involved?

"in modern processors" - To my knowledge, no actual commodity CPU actually supports ISR, it's a research effort at this point, so saying "modern processors" have it is mistaken. The proposed implementations are fairly limited too, being not well suited to pre-compiled binaries (e.g. the code section of an executable is "encrypted" by XOR-ing a repeated key, so pre-compiled code would all share the same key unless install post-processing changed it, and if it did, file signatures would break since the hash would differ without special accounting for the key). – ShadowRanger Oct 14 '16 at 00:43
1 Answer
The idea of instruction randomization is to avoid code injection attacks. Say for example there is some vulnerable code that the attacker wishes to execute and all s/he has to do is to transfer the program control to the beginning of that code block. In a non-protected environment, once the control is transferred, the CPU will begin the execution of the code as it cannot distinguish the proper code from the vulnerable code. One "simple" thing you can do to prevent such attacks is to apply some encryption (with a key) to the proper machine code which the attacker has no idea of. So in the decode stage, the proper code will first get decrypted and then decoded. Since the attacker does not know the key that is used to encrypt the proper code, their code won't succeed at the decryption stage, hence won't get executed.
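A toy model of the scheme the answer and ShadowRanger's comment describe, added here as an example; it is not code from the original post or from any real CPU. The stack machine, its opcodes, and the functions `randomize`, `execute`, `run_trusted` and `run_injected` are all assumptions made for the illustration; the "processor" XORs each fetched byte with a repeating key before decoding it, so legitimately randomized code runs while plaintext code written into memory without the key decodes to garbage.

```python
# Toy instruction-set randomization (ISR) model. Constructed for illustration;
# not from the original post and not how any shipping processor works.
from itertools import cycle

# Hypothetical one-byte opcodes of a tiny stack machine.
OP_PUSH, OP_ADD, OP_MUL, OP_HALT = 0x01, 0x02, 0x03, 0xFF


class IllegalInstruction(Exception):
    """Raised when a de-randomized byte is not a valid opcode."""


def randomize(code: bytes, key: bytes) -> bytes:
    """Loader step: XOR the code section with a repeating key (the comment's scheme).
    XOR is its own inverse, so the same call also de-randomizes."""
    return bytes(b ^ k for b, k in zip(code, cycle(key)))


def execute(mem: bytes, key: bytes) -> int:
    """Fetch -> de-randomize -> decode -> execute; returns top of stack at HALT."""
    plain = randomize(mem, key)  # the 'decrypt before decode' stage of the answer
    stack, pc = [], 0
    while pc < len(plain):
        op = plain[pc]
        pc += 1
        if op == OP_PUSH:
            stack.append(plain[pc])
            pc += 1
        elif op == OP_ADD:
            stack.append(stack.pop() + stack.pop())
        elif op == OP_MUL:
            stack.append(stack.pop() * stack.pop())
        elif op == OP_HALT:
            return stack[-1]
        else:
            raise IllegalInstruction(f"bad opcode {op:#04x} at pc {pc - 1}")
    raise IllegalInstruction("ran off the end of the code section")


# Constructed program: push 6, push 7, multiply, halt -> 42.
PROGRAM = bytes([OP_PUSH, 6, OP_PUSH, 7, OP_MUL, OP_HALT])


def run_trusted(key: bytes) -> int:
    """Legitimate code is randomized with the key at load time, so it runs."""
    return execute(randomize(PROGRAM, key), key)


def run_injected(key: bytes) -> str:
    """Code written into memory as plaintext (no key) hits the same decode stage."""
    try:
        execute(PROGRAM, key)
        return "executed"
    except IllegalInstruction:
        return "rejected"
```

A key of `b"\x00"` makes `randomize` the identity and models an unprotected CPU, where the same injected bytes run unchanged; the repeating XOR key itself is only a stand-in for the limitation the comment describes, so a per-process key and a real cipher would be needed outside a toy.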