If you are experiencing problems downloading PDF or HTML fulltext, our helpdesk recommend clearing your browser cache and trying again. If you need help in clearing your cache, please click here . Still need help? Email help@ingentaconnect.com

Revisiting the myth of Cisco IOS diversity: recent advances in reliable shellcode design

$60.93 plus tax (Refund Policy)

Buy Article:

Abstract:

Purpose ‐ IOS firmware diversity, the unintended consequence of a complex firmware compilation process, has historically made reliable exploitation of Cisco routers difficult. With approximately 300,000 unique IOS images in existence, a new class of version-agnostic shellcode is needed in order to make the large-scale exploitation of Cisco IOS possible. The purpose of this paper is to show that such attacks are now feasible by demonstrating two different reliable shellcodes that will operate correctly over many Cisco hardware platforms and all known IOS versions. Design/methodology/approach ‐ The paper examines prior work in the area of Cisco IOS rootkits and constructs a novel IOS version-agnostic rootkit called the interrupt-hijack rootkit. Findings ‐ As the experimental results show, the techniques proposed in this paper can reliably inject command and control capabilities into arbitrary IOS images in a version-agnostic manner. Originality/value ‐ The authors believe that the technique presented in this paper overcomes an important hurdle in the large-scale, reliable rootkit execution within Cisco IOS. Thus, effective host-based defence for such routers is imperative for maintaining the integrity of our global communication infrastructures.

Keywords: Cisco IOS rootkit; Embedded device exploitation; Firmware; Interrupt-hijack shellcode

Document Type: Research Article

DOI: http://dx.doi.org/10.1108/IMCS-09-2012-0046

Publication date: June 7, 2013

Related content

Share Content

Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
X
Cookie Policy
ingentaconnect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more