A System Call Randomization Based Method for Countering Code-Injection Attacks
Code-injection attacks pose a serious threat to today's Internet. Existing defenses against code-injection attacks have deficiencies in performance overhead and effectiveness. To this end, the authors propose a method that uses system call randomization to counter code-injection attacks, based on the idea of instruction set randomization. Injected code must use system calls to perform its actions. By randomizing the system calls of the target process, an attacker who does not know the key to the randomization algorithm will inject code whose system calls are not randomized the way the target process's are, so the corresponding de-randomization module treats that code as invalid.
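The mechanism described above can be modelled in a few lines of C. This is an added example, not code from the paper: the abstract names no randomization algorithm, so XOR with a 32-bit per-process key stands in for it, and the 8-entry table, the `sc_*` function names, the key and the call sequences are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NSYS 8              /* toy syscall table size (assumption) */
#define SYS_INVALID (-1)

/* Load-time rewriter: swap a real syscall number for its per-process token.
 * XOR with a 32-bit key is a stand-in; the abstract names no algorithm. */
uint32_t sc_randomize(uint32_t nr, uint32_t key) { return nr ^ key; }

/* De-randomization module at the syscall entry: decode the token and
 * accept it only if it lands inside the real table. */
int sc_derandomize(uint32_t token, uint32_t key) {
    uint32_t nr = token ^ key;
    return nr < NSYS ? (int)nr : SYS_INVALID;
}

/* Rewrite every syscall number in a program image, as a loader would. */
void sc_rewrite_image(uint32_t *calls, size_t n, uint32_t key) {
    for (size_t i = 0; i < n; i++)
        calls[i] = sc_randomize(calls[i], key);
}

/* Dispatch a trace of syscall numbers; return how many were rejected. */
size_t sc_dispatch(const uint32_t *calls, size_t n, uint32_t key) {
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (sc_derandomize(calls[i], key) == SYS_INVALID)
            rejected++;
    return rejected;
}

int main(void) {
    const uint32_t key = 0xA5C3F00Du;   /* constructed per-process key */
    uint32_t image[] = {0, 1, 3, 5};    /* constructed legitimate calls */
    uint32_t injected[] = {2, 7};       /* constructed: raw, never rewritten */

    sc_rewrite_image(image, 4, key);
    printf("legitimate rejected: %zu\n", sc_dispatch(image, 4, key));
    printf("injected rejected:   %zu\n", sc_dispatch(injected, 2, key));
    return 0;
}
```

In this model the rejection of un-rewritten calls depends entirely on the key staying secret and on raw numbers decoding outside the real table, which is why the constructed key has high bits set.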