The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly

Jiaxuan Wu; Wei-Yang Chiu; Peichen Liu; Weizhi Meng; Wenjuan Li

doi:10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly

Jiaxuan Wu
, Wei-Yang Chiu
, Peichen Liu
, Weizhi Meng
, Wenjuan Li

Guangzhou University

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Man-At-The-End (MATE) attack is constantly discussed in the information security research field. Though many detection and mitigation methods have been proposed in software protection (SP) industry, it is still considered as an open challenge in many aspects. For example, existing tools and consultation services are always costly and opaque. This lack of transparency raises concerns regarding whether the companies are adequately grasping the risks. In response to this kind of industry challenge, in this work, we aim to propose a new perspective of method to resolve multiple variations at a time – named The Instruction Separation Framework (ISF). It consists of four important techniques: the program instrumentation, the user mode monitor, kernel mode hooks, and the execution module. The aim of our framework is to provide foundational runtime software integrity against primary MATE attacks, such as binary patching, code injection, and memory hooking. More specifically, we first survey several state-of-the-art approaches on defending MATE attacks, and then demonstrate how our framework can achieve the goal by securing critical functions and data of the program on-the-fly. Finally, we discuss the trade-off between protection completeness and the runtime overhead.

Original language	English
Title of host publication	Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)
Publisher	IEEE
Publication date	2023
Pages	286-293
ISBN (Print)	979-8-3503-2923-0
ISBN (Electronic)	979-8-3503-2922-3
DOIs	https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070
Publication status	Published - 2023
Event	2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking - Wuhan, China Duration: 21 Dec 2023 → 24 Dec 2023

Conference

Conference	2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking
Country/Territory	China
City	Wuhan
Period	21/12/2023 → 24/12/2023

Keywords

Man-At-The-End
MATE Attack
Integrity Protection
Program Instrumentation
Instruction Separation

Access to Document

10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

OpenUrl availability

Check availability in DTU Findit

Cite this

Wu, J., Chiu, W.-Y., Liu, P., Meng, W., & Li, W. (2023). The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly. In Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom) (pp. 286-293). IEEE. https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

Wu, Jiaxuan ; Chiu, Wei-Yang ; Liu, Peichen et al. / The Instruction Separation Framework against Man-At-The-End Attacks : Protect What is Mattered On-the-Fly. Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). IEEE, 2023. pp. 286-293

@inproceedings{ea3f2c00ef5941a08d0713e177403039,

title = "The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly",

abstract = "Man-At-The-End (MATE) attack is constantly discussed in the information security research field. Though many detection and mitigation methods have been proposed in software protection (SP) industry, it is still considered as an open challenge in many aspects. For example, existing tools and consultation services are always costly and opaque. This lack of transparency raises concerns regarding whether the companies are adequately grasping the risks. In response to this kind of industry challenge, in this work, we aim to propose a new perspective of method to resolve multiple variations at a time – named The Instruction Separation Framework (ISF). It consists of four important techniques: the program instrumentation, the user mode monitor, kernel mode hooks, and the execution module. The aim of our framework is to provide foundational runtime software integrity against primary MATE attacks, such as binary patching, code injection, and memory hooking. More specifically, we first survey several state-of-the-art approaches on defending MATE attacks, and then demonstrate how our framework can achieve the goal by securing critical functions and data of the program on-the-fly. Finally, we discuss the trade-off between protection completeness and the runtime overhead.",

keywords = "Man-At-The-End, MATE Attack, Integrity Protection, Program Instrumentation, Instruction Separation",

author = "Jiaxuan Wu and Wei-Yang Chiu and Peichen Liu and Weizhi Meng and Wenjuan Li",

year = "2023",

doi = "10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070",

language = "English",

isbn = "979-8-3503-2923-0",

pages = "286--293",

booktitle = "Proceedings of 2023 IEEE Intl Conf on Parallel \& Distributed Processing with Applications, Big Data \& Cloud Computing, Sustainable Computing \& Communications, Social Computing \& Networking (ISPA/BDCloud/SocialCom/SustainCom)",

publisher = "IEEE",

address = "United States",

note = "2023 IEEE Intl Conf on Parallel \& Distributed Processing with Applications, Big Data \& Cloud Computing, Sustainable<br/>Computing \& Communications, Social Computing \& Networking, ISPA ; Conference date: 21-12-2023 Through 24-12-2023",

}

Wu, J, Chiu, W-Y, Liu, P, Meng, W & Li, W 2023, The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly. in Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). IEEE, pp. 286-293, 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable
Computing & Communications, Social Computing & Networking, Wuhan, China, 21/12/2023. https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly. / Wu, Jiaxuan; Chiu, Wei-Yang; Liu, Peichen et al.
Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). IEEE, 2023. p. 286-293.

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - The Instruction Separation Framework against Man-At-The-End Attacks

T2 - 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable<br/>Computing & Communications, Social Computing & Networking

AU - Wu, Jiaxuan

AU - Chiu, Wei-Yang

AU - Liu, Peichen

AU - Meng, Weizhi

AU - Li, Wenjuan

PY - 2023

Y1 - 2023

N2 - Man-At-The-End (MATE) attack is constantly discussed in the information security research field. Though many detection and mitigation methods have been proposed in software protection (SP) industry, it is still considered as an open challenge in many aspects. For example, existing tools and consultation services are always costly and opaque. This lack of transparency raises concerns regarding whether the companies are adequately grasping the risks. In response to this kind of industry challenge, in this work, we aim to propose a new perspective of method to resolve multiple variations at a time – named The Instruction Separation Framework (ISF). It consists of four important techniques: the program instrumentation, the user mode monitor, kernel mode hooks, and the execution module. The aim of our framework is to provide foundational runtime software integrity against primary MATE attacks, such as binary patching, code injection, and memory hooking. More specifically, we first survey several state-of-the-art approaches on defending MATE attacks, and then demonstrate how our framework can achieve the goal by securing critical functions and data of the program on-the-fly. Finally, we discuss the trade-off between protection completeness and the runtime overhead.

AB - Man-At-The-End (MATE) attack is constantly discussed in the information security research field. Though many detection and mitigation methods have been proposed in software protection (SP) industry, it is still considered as an open challenge in many aspects. For example, existing tools and consultation services are always costly and opaque. This lack of transparency raises concerns regarding whether the companies are adequately grasping the risks. In response to this kind of industry challenge, in this work, we aim to propose a new perspective of method to resolve multiple variations at a time – named The Instruction Separation Framework (ISF). It consists of four important techniques: the program instrumentation, the user mode monitor, kernel mode hooks, and the execution module. The aim of our framework is to provide foundational runtime software integrity against primary MATE attacks, such as binary patching, code injection, and memory hooking. More specifically, we first survey several state-of-the-art approaches on defending MATE attacks, and then demonstrate how our framework can achieve the goal by securing critical functions and data of the program on-the-fly. Finally, we discuss the trade-off between protection completeness and the runtime overhead.

KW - Man-At-The-End

KW - MATE Attack

KW - Integrity Protection

KW - Program Instrumentation

KW - Instruction Separation

U2 - 10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

DO - 10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

M3 - Article in proceedings

SN - 979-8-3503-2923-0

SP - 286

EP - 293

BT - Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)

PB - IEEE

Y2 - 21 December 2023 through 24 December 2023

ER -

Wu J, Chiu WY, Liu P, Meng W, Li W. The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly. In Proceedings of 2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom). IEEE. 2023. p. 286-293 doi: 10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00070

The Instruction Separation Framework against Man-At-The-End Attacks: Protect What is Mattered On-the-Fly

Abstract

Conference

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this