
Information Management & Computer Security

ISSN: 0968-5227

Online from: 1993

Subject Area: Information and Knowledge Management


 


Revisiting the myth of Cisco IOS diversity: recent advances in reliable shellcode design


Document Information:
Title: Revisiting the myth of Cisco IOS diversity: recent advances in reliable shellcode design
Author(s): Ang Cui (Department of Computer Science, Columbia University, New York City, New York, USA), Jatin Kataria (Department of Computer Science, Columbia University, New York City, New York, USA), Salvatore J. Stolfo (Department of Computer Science, Columbia University, New York City, New York, USA)
Citation: Ang Cui, Jatin Kataria, Salvatore J. Stolfo (2013), "Revisiting the myth of Cisco IOS diversity: recent advances in reliable shellcode design", Information Management & Computer Security, Vol. 21 Iss: 2, pp. 121-138
Keywords: Cisco IOS rootkit, Embedded device exploitation, Firmware, Interrupt-hijack shellcode
Article type: Research paper
DOI: 10.1108/IMCS-09-2012-0046
Publisher: Emerald Group Publishing Limited
Acknowledgements: This work was partially supported by DARPA Contract, CRASH Program, SPARCHS, FA8750-10-2-0253.
Abstract:

Purpose – IOS firmware diversity, the unintended consequence of a complex firmware compilation process, has historically made reliable exploitation of Cisco routers difficult. With approximately 300,000 unique IOS images in existence, a new class of version-agnostic shellcode is needed in order to make the large-scale exploitation of Cisco IOS possible. The purpose of this paper is to show that such attacks are now feasible by demonstrating two different reliable shellcodes that will operate correctly over many Cisco hardware platforms and all known IOS versions.

Design/methodology/approach – The paper examines prior work in the area of Cisco IOS rootkits and constructs a novel IOS version-agnostic rootkit called the interrupt-hijack rootkit.

Findings – As the experimental results show, the techniques proposed in this paper can reliably inject command and control capabilities into arbitrary IOS images in a version-agnostic manner.

Originality/value – The authors believe that the technique presented in this paper overcomes an important hurdle in the large-scale, reliable rootkit execution within Cisco IOS. Thus, effective host-based defence for such routers is imperative for maintaining the integrity of our global communication infrastructures.


