• Corpus ID: 18441682

Algorithmic Diversity for Software Security

@article{Stewart2013AlgorithmicDF,
  title={Algorithmic Diversity for Software Security},
  author={Michael Stewart},
  journal={ArXiv},
  year={2013},
  volume={abs/1312.3891}
}
Software diversity protects against modern-day exploits such as code-reuse attacks. When an attacker designs a code-reuse attack on an example executable, it relies on replicating the target environment. With software diversity, the attacker cannot reliably replicate their target. This is a security benefit which can be applied to massive-scale software distribution. When applied to large-scale communities, an invested attacker may perform analysis of samples to improve the chances of a…
3 Citations
Application of compiler transformations against software vulnerabilities exploitation
Software vulnerabilities are a serious threat to the security of information systems. Any software written in C/C++ contains a considerable amount of vulnerabilities. Some of them can be used by attackers
Application of compiler transformations to counteract the exploitation of software vulnerabilities
TLDR
Several compiler protection techniques against vulnerability exploitation are proposed: function reordering, insertion of additional dummy variables into stack, local variables permutation on the stack, and diversified transformations were implemented in GCC.

References

On the design, implications, and effects of implementing software diversity for security
TLDR
The compiler focuses on a particular class of code-reuse attacks, where attackers utilize the code already present in an executable and does so in a way that is transparent to both developers and users.
E unibus pluram: massive-scale software diversity as a defense mechanism
TLDR
This work contends that the time has come to revisit the idea of software diversity for defense purposes, and proposes a mechanism for incremental updating of diversified software that has this property.
Jump-oriented programming: a new class of code-reuse attack
TLDR
This paper introduces a new class of code-reuse attack, called jump-oriented programming, which eliminates the reliance on the stack and ret instructions (including ret-like instructions such as pop+jmp) seen in return-oriented programming without sacrificing expressive power.
Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats
TLDR
The fundamental challenges facing the research community are described, new promising solution paths are identified, and an advantage afforded to attackers is reversed to advantage defenders.
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
  • H. Shacham
  • Computer Science, Mathematics
  • CCS '07
  • 2007
TLDR
A return-into-libc attack to be mounted on x86 executables that calls no functions at all is presented, and how to discover such instruction sequences by means of static analysis is shown.
A Mathematical Theory of Communication
TLDR
It is proved that the authors can get some positive data rate that has the same small error probability and also there is an upper bound of the data rate, which means they cannot achieve the data rates with any encoding scheme that has small enough error probability over the upper bound.
Sqlite3 speed comparison