OIC-CERT JOURNAL OF CYBER SECURITY
ISSN 2636-9680 | eISSN 2682-9266


 

 


Volume 1, Issue 1

 

Preventing Reflective DLL Injection on UWP Apps

 

Abstract:

Universal Windows Platform (UWP) is Microsoft’s recent platform-homogeneous application architecture. It allows code to run on a variety of devices, including PCs and mobile devices, without needing to be rewritten or recompiled. UWP apps are becoming more and more popular, and consequently this new application platform is becoming the next attack target for hackers and malware developers. In this paper, we first study the issue of host-based code injection attacks (HBCIA) in UWP apps. We show that despite the mechanisms embedded in UWP to maintain code integrity and to allow only legitimate DLLs to be loaded in memory, it is still possible to circumvent these defensive mechanisms and launch a variant of HBCIA called Reflective DLL Injection on UWP apps. We then propose a novel defence mechanism against reflective DLL injection attacks on UWP apps. Our proposed method can distinguish malicious from benign injection attempts on UWP apps and prevents malicious injections while allowing benign injections to proceed as normal. Our experiments show that the proposed defence has less than 1% impact on the system’s overall performance and can be used inside anti-virus (AV) products to strengthen their protection capabilities.

 

 

Author(s):

Mojtaba Zaheri
APA Research Center
Amirkabir University of Technology
Iran

Salman Niksefat
APA Research Center
Amirkabir University of Technology
Iran

Babak Sadeghiyan
APA Research Center
Amirkabir University of Technology
Iran

 

 

 

 
