Abstract
Man-At-The-End (MATE) attack is constantly discussed in the information security research field. Though many detection and mitigation methods have been proposed in software protection (SP) industry, it is still considered as an open challenge in many aspects. For example, existing tools and consultation services are always costly and opaque. This lack of transparency raises concerns regarding whether the companies are adequately grasping the risks. In response to this kind of industry challenge, in this work, we aim to propose a new perspective of method to resolve multiple variations at a time - named The Instruction Separation Framework (ISF). It consists of four important techniques: the program instrumentation, the user mode monitor, kernel mode hooks, and the execution module. The aim of our framework is to provide foundational runtime software integrity against primary MATE attacks, such as binary patching, code injection, and memory hooking. More specifically, we first survey several state-of-the-art approaches on defending MATE attacks, and then demonstrate how our framework can achieve the goal by securing critical functions and data of the program on-the-fly. Finally, we discuss the trade-off between protection completeness and the runtime overhead. Copyright © 2023 IEEE.
Original language | English |
---|---|
Title of host publication | Proceedings of 2023 IEEE International Conference on Parallel and Distributed Processing with Applications, Big Data and Cloud Computing, Sustainable Computing and Communications, Social Computing and Networking, ISPA/BDCloud/SocialCom/SustainCom 2023 |
Place of Publication | Danvers, MA |
Publisher | IEEE |
Pages | 286-293 |
ISBN (Electronic) | 9798350329223 |
DOIs | |
Publication status | Published - 2023 |
Citation
Wu, J., Chiu, W.-Y., Liu, P., Meng, W., & Li, W. (2023). The instruction separation framework against Man-At-The-End attacks: Protect what is mattered on-the-fly. In Proceedings of 2023 IEEE International Conference on Parallel and Distributed Processing with Applications, Big Data and Cloud Computing, Sustainable Computing and Communications, Social Computing and Networking, ISPA/BDCloud/SocialCom/SustainCom 2023 (pp. 286-293). IEEE. https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070Keywords
- Man-At-The-End
- MATE attack
- Integrity protection
- Program instrumentation
- Instruction separation