E unibus pluram: massive-scale software diversity as a defense mechanism

@inproceedings{Franz2010EUP,
  title={E unibus pluram: massive-scale software diversity as a defense mechanism},
  author={Michael Franz},
  booktitle={NSPW '10},
  year={2010}
}
  • M. Franz
  • Published in NSPW '10 21 September 2010
  • Computer Science
We contend that the time has come to revisit the idea of software diversity for defense purposes. Four fundamental paradigm shifts that have occurred in the past decade now make it viable to distribute a unique version of every program to every user. We outline a practical approach for providing compiler-generated software diversity on a massive scale. It is based on an "App Store" containing a diversification engine (a "multicompiler") that automatically generates a unique, but functionally… 


Compiler-Generated Software Diversity

TLDR
This work argues that the compiler is at the heart of the solution for software diversity, and presents two orthogonal compiler-based techniques that make it harder for an attacker to run a successful attack.

SoK: Automated Software Diversity

TLDR
This paper systematically studies the state-of-the-art in software diversity and highlights fundamental trade-offs between fully automated approaches, including "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software.

Tailored source code transformations to synthesize computationally diverse program variants

TLDR
This work addresses two objectives: comparing different transformations for increasing the likelihood of sosie synthesis (densifying the search space for sosies); demonstrating computation diversity in synthesized sosies.

Algorithmic Diversity for Software Security

TLDR
An improvement in security is demonstrated so that a code-reuse attack based on any one variant has minimal chances of success on another and the costs of this method are analysed.

Search Based Clustering for Protecting Software with Diversified Updates

TLDR
The problem of maximizing software diversity from a search-based optimization point of view is addressed, and the problem of selecting the subset of most diversified versions to be deployed is formulated as an optimisation problem, that is tackled with different search heuristics.

Analysis of defenses against code reuse attacks on modern and new architectures

TLDR
It is found that it is possible for a program in which CFI is perfectly enforced to be exploited via a novel control flow attack, and the potential for hardware support for CFI and other techniques via generalized tagged architectures is examined.

XIFER: A Software Diversity Tool Against Code-Reuse Attacks

TLDR
This work presents, for the first time, a code transformation tool that completely mitigates code-reuse attacks by applying software diversity to the binary at runtime.

Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks

TLDR
This work proposes a novel defensive approach called code shredding: a defensive scheme based on the idea of embedding the checksum value of a memory address as a part of itself, which hinders designation of a specific address used in code-reuse attacks.

Gadge me if you can: secure and efficient ad-hoc instruction-level randomization for x86 and ARM

TLDR
This work proposes a randomization solution, called Xifer, that disperses all code (executable and libraries) across the whole address space, re-randomizes the address space for each run, is compatible with code signing, and requires neither offline static analysis nor source code.

Simulation based Evaluation of a Code Diversification Strategy

TLDR
This paper describes a model of attacker-defender interaction in which the defender employs periodic randomization of a computer program’s binary code against an attacker who is actively constructing an exploit using Return Oriented Programming.

References


A Specialization Toolkit to Increase the Diversity of Operating Systems

TLDR
A specialization toolkit to improve operating system survivability against implementation attacks and the Tempo-C specializer tool, which helps programmers generate and manage diverse specialized implementations of software modules.

Transparent runtime randomization for security

  • Jun Xu, Z. Kalbarczyk, R. Iyer
  • Computer Science
    22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings.
  • 2003
A large class of security attacks exploit software implementation vulnerabilities such as unchecked buffers. This paper proposes transparent runtime randomization (TRR), a generalized approach for

Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space

TLDR
A fully functioning MVEE is built, named Orchestra, and the results show that the overall penalty of simultaneous execution and monitoring of two variants on a multi-core system averages about 15% relative to unprotected conventional execution.

An experimental evaluation of the assumption of independence in multiversion programming

TLDR
N-version programming has been proposed as a method of incorporating fault tolerance into software and it is revealed that the programs were individually extremely reliable but that the number of tests in which more than one program failed was substantially more than expected.

Review and analysis of synthetic diversity for breaking monocultures

TLDR
This work proposes a functional architecture for synthetic diversity at the executable code level that reduces the common mode failure problem in COTS applications by several orders of magnitude.

An architecture a day keeps the hacker away

TLDR
This paper outlines a possible comprehensive solution for binary-based attacks, using virtual machines, machine descriptions, and randomization to achieve broad heterogeneity at the machine level to reduce the "cost" of broad-based binary attacks.

The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)

  • H. Shacham
  • Computer Science, Mathematics
    CCS '07
  • 2007
TLDR
A return-into-libc attack to be mounted on x86 executables that calls no functions at all is presented, and how to discover such instruction sequences by means of static analysis is shown.

Building diverse computer systems

TLDR
Several methods of achieving software diversity are discussed based on randomizations that respect the specified behavior of the program, which could potentially increase the robustness of software systems with minimal impact on convenience, usability, and efficiency.

Risks of monoculture

The W32/Blaster worm burst onto the Internet scene in August of 2003. By exploiting a buffer overflow in Windows, the worm was able to infect more than 1.4 million systems worldwide in less than a

Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection

TLDR
Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization to give thorough, scholarly coverage of an area of growing importance in computer security.