The instruction separation framework against Man-At-The-End attacks: Protect what is mattered on-the-fly

Jiaxuan WU, Wei-Yang CHIU, Peichen LIU, Weizhi MENG, Wenjuan LI

Research output: Chapter in Book/Report/Conference proceedingChapters

Abstract

Man-At-The-End (MATE) attack is constantly discussed in the information security research field. Though many detection and mitigation methods have been proposed in software protection (SP) industry, it is still considered as an open challenge in many aspects. For example, existing tools and consultation services are always costly and opaque. This lack of transparency raises concerns regarding whether the companies are adequately grasping the risks. In response to this kind of industry challenge, in this work, we aim to propose a new perspective of method to resolve multiple variations at a time - named The Instruction Separation Framework (ISF). It consists of four important techniques: the program instrumentation, the user mode monitor, kernel mode hooks, and the execution module. The aim of our framework is to provide foundational runtime software integrity against primary MATE attacks, such as binary patching, code injection, and memory hooking. More specifically, we first survey several state-of-the-art approaches on defending MATE attacks, and then demonstrate how our framework can achieve the goal by securing critical functions and data of the program on-the-fly. Finally, we discuss the trade-off between protection completeness and the runtime overhead. Copyright © 2023 IEEE.

Original languageEnglish
Title of host publicationProceedings of 2023 IEEE International Conference on Parallel and Distributed Processing with Applications, Big Data and Cloud Computing, Sustainable Computing and Communications, Social Computing and Networking, ISPA/BDCloud/SocialCom/SustainCom 2023
Place of PublicationDanvers, MA
PublisherIEEE
Pages286-293
ISBN (Electronic)9798350329223
DOIs
Publication statusPublished - 2023

Citation

Wu, J., Chiu, W.-Y., Liu, P., Meng, W., & Li, W. (2023). The instruction separation framework against Man-At-The-End attacks: Protect what is mattered on-the-fly. In Proceedings of 2023 IEEE International Conference on Parallel and Distributed Processing with Applications, Big Data and Cloud Computing, Sustainable Computing and Communications, Social Computing and Networking, ISPA/BDCloud/SocialCom/SustainCom 2023 (pp. 286-293). IEEE. https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

Keywords

  • Man-At-The-End
  • MATE attack
  • Integrity protection
  • Program instrumentation
  • Instruction separation

Fingerprint

Dive into the research topics of 'The instruction separation framework against Man-At-The-End attacks: Protect what is mattered on-the-fly'. Together they form a unique fingerprint.