As users place increasingly sensitive information in IT products, trusting that a system is not compromised by malicious entities becomes imperative. Code injection is a well-known attack that can cause harm directly by exploiting system vulnerabilities, or can constitute the first step of broader, stronger malicious attacks such as worm or trojan establishment and distribution. Various techniques exist for dealing with code injection attacks, but most of them are either software-only or require instruction code encryption, elaborate key management, and the existence of special processor structures. In this paper, we sketch a different approach to protecting a system from such attacks, based on recoding the executable code of a single-core or multicore processor instruction set architecture (ISA) into executable code based on a randomized ISA subset, and executing that code in a dedicated ISA-based virtual execution environment. Our scheme, denoted VirISA, is powered on before the operating system kernel architecture layer and is capable of profiling an executable, choosing a random, dedicated subset of the processor ISA, recoding the executable onto this ISA, and generating a virtual machine for the recoded executable process in which only its dedicated ISA can function. Using this approach, infection vectors that are inserted into the recoded, dedicated-ISA process during memory execution will become obsolete, since some of their instructions will not be included in the assigned dedicated ISA subset and will not be executed.
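A toy model of the scheme sketched above, as an added example that is not from the paper or its authors: it recodes a program onto a random ISA subset and shows the dedicated VM trapping on an injected opcode outside that subset. The stack ISA, the rewrite table and the names `recode`, `choose_subset` and `run` are assumptions made for illustration.

```python
import random

# Toy stack ISA and rewrite table: constructed for illustration, not the paper's ISA.
UNARY = {"NEG": lambda x: -x, "INC": lambda x: x + 1, "DEC": lambda x: x - 1}
BINARY = {"ADD": lambda a, b: a + b, "SUB": lambda a, b: a - b}
FULL_ISA = {"PUSH", *UNARY, *BINARY}
REWRITES = {  # equivalent sequences for opcodes missing from the subset
    "ADD": [("NEG", None), ("SUB", None)],  # a + b == a - (-b)
    "SUB": [("NEG", None), ("ADD", None)],  # a - b == a + (-b)
    "INC": [("PUSH", 1), ("ADD", None)],
    "DEC": [("PUSH", 1), ("SUB", None)],
}

class IllegalInstruction(Exception):
    """Trap raised by the dedicated VM for an opcode outside its subset."""

def recode(program, subset, _seen=()):
    """Rewrite program so that it uses only opcodes in subset."""
    out = []
    for op, arg in program:
        if op in subset:
            out.append((op, arg))
        elif op in REWRITES and op not in _seen:  # _seen stops ADD<->SUB cycles
            out += recode(REWRITES[op], subset, _seen + (op,))
        else:
            raise ValueError(f"{op} cannot be expressed in this subset")
    return out

def choose_subset(program, rng, size=3):
    """Draw random ISA subsets until the program can be expressed in one."""
    while True:
        subset = set(rng.sample(sorted(FULL_ISA), size))
        try:
            return subset, recode(program, subset)
        except ValueError:
            pass  # program not expressible here, draw again

def run(code, subset):
    """Dedicated VM: executes only the assigned subset, traps on anything else."""
    stack = []
    for op, arg in code:
        if op not in subset:
            raise IllegalInstruction(op)
        if op == "PUSH":
            stack.append(arg)
        elif op in UNARY:
            stack[-1] = UNARY[op](stack[-1])
        else:
            stack[-2:] = [BINARY[op](*stack[-2:])]
    return stack
```

Injected code that happens to use only opcodes inside the assigned subset still runs in this model, which matches the abstract's wording that only some of an infection vector's instructions fall outside the subset.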
CITATION STYLE
Fournaris, A. P., Keramidas, G., Ispoglou, K., & Voros, N. (2016). VirISA: Recruiting virtualization and reconfigurable processor ISA for malicious code injection protection. In Components and Services for IoT Platforms: Paving the Way for IoT Standards (pp. 117–130). Springer International Publishing. https://doi.org/10.1007/978-3-319-42304-3_7