309 | P a g e
A MEMORY-ACCESS VALIDATION SCHEME AGAINST PAYLOAD INJECTION ATTACKS
Ms.J.Swathiga
1, Dr.M.Indhumathi
2, Ms.S.Tamilarasi
31,3
PG Scholar,
2Assistant Professor
2, Department of Computer Science,
1,2,3
Dhanalakshmi Srinivasan College of Arts & Science for Women, Perambalur, Affiliated to Bharathidasan University (India)
ABSTRACT
The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attack. Various forms of protection against malicious attacks. Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). These papers propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE. NICE is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages Open Flow network programming APIs. The attacker is analyzed by attack analyzer and VM profiling.
Keywords: Virtual memory, Security, vulnerabilities, detection I. INTRODUCTION
When intruding into vulnerable systems, malicious par-ties usually inject their payload over a communication channel like a network device into a victimized process’s address space. Payloads crafted for such attacks gen- really consist of machine code combined with control flow data in codeinjectionattacks or control flow data followed by argumentsfor an existing procedure pointed to by the data, as in return-to-libc attacks. Despite architectural features andsoftware mitigation approaches against such attacksmalicious parties have been able to bypass suchtechniques. Usually, such circumvention techniques takeadvantage of the inherent limitations of the base featureson which those features and mitigation approaches arebased – such as the coarse granularity of access controlattributes or a limitation in randomization.One noteworthy observation on exploited vulnerabilities is that control flow data that is vulnerable to compromise isstill referenced for the next instruction address without anyvalidation. For example, return addresses in an active stackframe are blindly referenced for the next instruction addressupon exiting a sub-procedure. As is widely known, there are several mitiga-tion approaches against stack compromising attacks – in- serting canaries [1], stack-layout reorganization, return- address encryption [2] [3], stack frame allocation [4], and ASLR against return-to-libc. However, most of those protection measures still allow the processor core to fetch the next instruction address from vulnerable stackframes without verifying the authenticity of the memory word to be referenced. Stack-compromising attacks exploit this blind behavior thereby diverting control flow into locations that they want to fetch instructions from. Although ASLR approaches can mitigate threats from such attacks, as shown in [5],
310 | P a g e mitigations that merelyreduce the likelihood through randomization can easily be circumvented. Furthermore, return-orientedprogramming(ROP) attacks [6] are able to synthesize aviable attack vector with only existing machine codes ina given address space. These observations imply thatmore complete and solid protection for control flowprotection is required.In this paper, I propose a memory-access validationscheme. The validation unit based on this scheme gathers information on memory blocks containing spurious data transferred through unreliable I/O devices, and updates the information to reflect status changes in those blocks at runtime.
At the same time, the processor components for control flow redirection ask this unit whether the memory block to be referenced for the next instruction or its address is authentic or not. The unit returns the taint status of the queried memory address to the component for further actions, such as triggering an exception
II.PROBLEM DESCRIPTION 2.1 Existing System
In the existing system Multi-variant execution is used in the cloud to detect the attack in the software as service.
The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. Many sources of inconsistencies, including asynchronous signals and scheduling of multi-threaded or multi-process applications, can cause divergence in behavior of variants. These divergences can cause false alarm. But it is not applicable in the infrastructure as service. Return-oriented programming (ROP) attacks are able to synthesize a viable attack vector with only existing machine codes in a given address space. These observations imply that more complete and solid protection for control flow protection is required.
2.1.1 Disadvantage
I. Not securable in the Iaas cloud service.
II. Computation complexity is high.
III. Its cannot track the particular content.
IV. Injection Attacks
2.2 Proposed System
In the proposed system Network Intrusion detection and Countermeasure selection in virtual network systems (NICE) is used to establish a defense-in-depth intrusion detection framework. It incorporates attack graph analytical procedures into the intrusion detection processes. A NICE-A periodically scans the virtual system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified vulnerability toward the collaborative attack goals. NICE optimizes the implementation on cloud servers to minimize resource consumption. NICE employs a novel attack graph approach for attack detection and prevention by correlating attack behavior and also suggests effective countermeasures. In memory-access validation scheme. The validation unit based on this scheme gathers information on memory blocks containing spurious data transferred
2.2.1advantages
1. More efficient to access
2. Computational complexity is low.
311 | P a g e 3. More securable.
4. Using Validation Scheme for valid the data
III. METHODOLOGY
1. Network Controller 2. User Request 3. Information Provider 4. Attack Analyzer
5. Virtual Machine Profiling
MODULE DESCRIPTION 3.1 Network Controller
Cloud-based networks only require an Internet connection and work over any physical infrastructure, wired or wireless, public or private. CBN networks utilize per user or device subscription pricing, so there is little to no upfront has the added benefit of not requiring any additional hardware beyond that required for internet connectivity. Most cloud costs and users pay-as-you-grow. Cloud networks are similar to a virtual private network (VPN) because they enable users to securely access files, printers, applications, etc. from anywhere in the world, on any device. However, cloud networks are multi-tenant private virtual cloud networks that overlay the Internet. Each virtual cloud network functions like a borderless LAN and provides fully switched, any-to- any connectivity between servers, PCs, and mobile devices from anywhere. NaaS delivery means that traditional operational aspects of building and managing a VPN such as topology, traffic engineering, capacity planning, high-availability, and the network operation center (NOC), are performed by the cloud network operator and not the customer.
Cloud networking is a new way to market distributed enterprise networks that delivers enterprise-class network capabilities around the globe via a highly resilient, multi-tenant application that requires no capital investment in networking equipment. Unlike traditional hardware-based legacy solutions, cloud networking is extremely simple, enabling businesses to deploy remote locations in minutes and operate their distributed networks via a cloud-based application, while maintaining centralized control and network visibility. These services are also subscription-based. Cloud-based networking offers the same benefits of cloud computing
The network controller is a key component to support the programmable networking capability to realize the virtual network reconfiguration feature based on Open Flow protocol. In NICE, within each cloud server there is a software switch, for example, OVS, which is used as the edge switch for VMs to handle traffic in and out from VMs. The communication between cloud servers (i.e., physical servers) is handled by physical Open Flow- capable Switch (OFS).
3.2 User Request
Cloud computing is a new computing model. The resource monitoring tools are immature compared to traditional distributed computing and grid computing. In order to better monitor the virtual resource in cloud computing, a periodically and event-driven push (PEP) monitoring model is proposed. Taking advantage of the push and event-driven mechanism, the model can provide comparatively adequate information about usage and
312 | P a g e status of the resources. The cloud user register and login themselves. They request for the resource they need in the cloud. This request is monitored by Virtual machine Monitoring
.
3.3 Information Provider
For any cloud service – Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), Managed Private Cloud offerings, SaaS hosting or others - the Vormetric Cloud Encryption is a perfect fit; multi-tenant ready, scalable, secure implementation, and including the APIs and interfaces required to work with existing infrastructure. Unlock new opportunities for your cloud offering by directly addressing the concerns of enterprise customers that use of a cloud service will expose them to the financial costs of losing legally protected data, theft of intellectual property and regulatory non-compliance.
3.4 Attack Analyzer
Network forensic analysis is part of the digital forensics branch, which monitors and analyzes computer network traffic for the purposes of gathering information, collecting legal evidence, or detecting intrusions . When talking about network forensics, we’re actually talking about the data that has been transmitted over the network, which might serve as the only evidence of an intrusion or malicious activity. Obviously that’s not always the case, since an intruder often leaves evidence on the hard disk of the compromised host as well in the form of log files, uploaded malicious files, etc. But when the attacker is very careful not to leave any traces on the compromised computer, the only evidence that we might have is in the form of captured network traffic.
When capturing network traffic, we most often want to separate the good data from the bad by extracting useful information from the traffic, such as transmitted files, communication messages, credentials, etc. If we have a lot of disk space available, we can also store all the traffic to disk and analyze it at a later time if needed, but obviously this requires a great amount of disk space. Usually we use network forensics to discover security attacks being conducted over the network. We can use a tool like tcpdump or Wireshark to perform network analysis on the network traffic.
The major functions of NICE system are performed by attack analyzer, which includes procedures such as attack graph construction and update, alert correlation, and countermeasure selection. The process of constructing and utilizing the SAG consists of three phases: Information gathering, attack graph construction, and potential exploit path analysis. With this information, attack paths can be modeled using SAG. Each node in the attack graph represents an exploit by the attacker. Each path from an initial node to a goal node represents a successful attack.
3.5 Virtual Machine Profiling
Managing performance is a key task in systems administration. With virtualization (where multiple independent operating systems are competing for system resources), measuring and monitoring real-world performance of your applications is even more important.
But this is easier said than done. In this article, I'll cover some details and approaches for monitoring the performance of your physical and virtual machines. The goal is to make better decisions in matters of virtualization performance and load distribution
313 | P a g e
IV. CONCLUSION
In this paper, I propose a hardware mechanism to validate memory accesses influencing control flow redirection. The validation unit based on the proposed scheme manages the taint statuses of memory blocks for each address space at the cache line size granularity. This unit answers queries from other hardware components involved in control flow redirection. We also proposed integration approaches and caching structures to alleviate the performance overhead. Experiments with two simulators showed that the proposed scheme is able to detect synthesized payload injection attacks and to manage taint information with a limited amount of memory.
Performance degradation varied from negligible to significant depending on the number of queries and row cache performance
V. ACKNOWLEDGEMENT
The author deeply indebted to honorable Shri A.SRINIVASAN(Founder Chairman), SHRI P.NEELRAJ(Secretary) Dhanalakshmi Srinivasan Group of Institutions,Perambalur for giving me opportunity to work and avail the facilities of the College Campus . The author heartfelt and sincere thanks to Principal Dr.ARUNA DINAKARAN, Vice Principal Prof.S.H.AFROZE, HoDMrs.V.VANEESWARI,(Dept. of CS & IT) Project Guide Dr.M.Indhumathi,(Dept. of CS & IT) of Dhanalakshmi Srinivasan College of Arts & Science for Women,Perambalur. The author also thanks to parents, Family Members, Friends, Relatives for their support, freedom and motivation.
REFERENCES
[1]. H. Etoh, ―GCC extension for protecting applications from stack-smashing attacks (ProPolice),‖ 2003, [2]. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas, ―Secure prograexecution via dynamic information flow
tracking,‖ SIGARCH Comput.Archit. News, vol. 32 [3]. www.trl.ibm.com/projects/security/ssp/.
BIOGRAPHICAL NOTES
Ms.J.SWATHIGA is presently pursuing M.Sc.,Final year the Department of Computer Science From Dhanalakshmi Srinivasan College of Arts and Science for Women,
Dr.M.INDHUMATHI, Received MCA, Ph.D She is currently working as Assistant Professor in Department of Computer Science in Dhanalakshmi Srinivasan College of Arts and Science for Women, Perambalur, TamilNadu, India. She has Published papers in IJIRCCE&IJCES journals
Ms.S.TAMILARASI is presently pursuing M.Sc.,Final year the Department of Computer Science From Dhanalakshmi Srinivasan College of Arts and Science for Women,
