The idea of interface diversification is that internal interfaces in the system are transformed into unique secret instances. On one hand, the trusted programs in the system are accordingly modified so that they can use the diversified interfaces. On the other hand, the malicious code injected into a system does not know the diversification secret, that is the language of the diversified system, and thus it is rendered useless. Based on our study of 500 exploits, this paper surveys the different interfaces that are targeted in malware attacks and can potentially be diversified in order to prevent the malware from reaching its goals. In this study, we also explore which of the identified interfaces have already been covered in existing diversification research and which interfaces should be considered in future research. Moreover, we discuss the benefits and drawbacks of diversifying these interfaces. We conclude that diversification of various internal interfaces could prevent or mitigate roughly 80 % of the analyzed exploits. Most interfaces we found have already been diversified as proof-of-concept implementations but diversification is not widely used in practical systems.
A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification
Presented at Nordsec 2016