Open Access
ARTICLE
FFRA: A Fine-Grained Function-Level Framework to Reduce the Attack Surface
1 College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China
2 School of Modern Posts, Nanjing University of Posts and Telecommunications, Nanjing, China
* Corresponding Author: Liang Liu. Email:
Computer Systems Science and Engineering 2024, 48(4), 969-987. https://doi.org/10.32604/csse.2024.046615
Received 09 October 2023; Accepted 28 February 2024; Issue published 17 July 2024
Abstract
System calls are essential interfaces that enable applications to access and utilize the operating system’s services and resources. Attackers frequently exploit application’s vulnerabilities and misuse system calls to execute malicious code, aiming to elevate privileges and so on. Consequently, restricting the misuse of system calls becomes a crucial measure in ensuring system security. It is an effective method known as reducing the attack surface. Existing attack surface reduction techniques construct a global whitelist of system calls for the entire lifetime of the application, which is coarse-grained. In this paper, we propose a Fine-grained Function-level framework to Reduce the Attack surface (FFRA). FFRA employs software static analysis to obtain the function call graph of the application. Combining the graph with a mapping of library functions generates each function’s legitimate system calls. As far as we know, it is the first approach to construct the whitelist of system calls for each function of the application. We have implemented a prototype of FFRA and evaluated its effectiveness with six popular server applications. The experimental results show that it disables 33% more system calls compared to existing approaches while detecting 15% more shellcode vulnerabilities. Our framework outperforms existing models by defending against a broader range of attacks. Integrated into antivirus software and intrusion prevention systems, FFRA could effectively counter malware by precisely restricting system calls.Keywords
Cite This Article
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.