Internal interface diversification as a method against malware

Abstract

ABSTRACT Internal interface diversification is a proactive software security method that prevents malware from using the fundamental services provided by an operating system by uniquely diversifying internal interfaces and propagating the information only to trusted programs. There are three main internal interfaces in operating systems that have been diversified in previous studies: (1) system calls (2) library functions and (3) shell commands. Based on previous studies and our own work, we implemented diversification for all interfaces in order to test their suitability and feasibility for real-world use. All three solutions enhanced the multi-layer security of the testing environment with little to no cost on system performance. However, maintaining such diversification tools might be troublesome in large and complex systems where new software is frequently added and software versions are updated. Thus, the solutions would be ideal for IoT devices and other smaller systems which rarely require updating, as well as restricted and static systems and critical systems with high-security requirements.