Theory of recursive functions and effective computability
Theory of recursive functions and effective computability
Conceptual Modeling of Coincident Failures in Multiversion Software
IEEE Transactions on Software Engineering
Constant propagation with conditional branches
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Information and System Security (TISSEC)
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Building Diverse Computer Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Breaking Abstractions and Unstructuring Data Structures
ICCL '98 Proceedings of the 1998 International Conference on Computer Languages
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
Journal of Functional Programming
Translating dependency into parametricity
Proceedings of the ninth ACM SIGPLAN international conference on Functional programming
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns
IEEE Security and Privacy
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
On the Impossibility of Obfuscation with Auxiliary Input
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Statistical debugging: simultaneous identification of multiple bugs
ICML '06 Proceedings of the 23rd international conference on Machine learning
Known/Chosen Key Attacks against Software Instruction Set Randomization
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Where's the FEEB? the effectiveness of instruction set randomization
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A Theoretical Basis for the Analysis of Multiversion Software Subject to Coincident Errors
IEEE Transactions on Software Engineering
Statistical runtime checking of probabilistic properties
RV'07 Proceedings of the 7th international conference on Runtime verification
On layout randomization for arrays and functions
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Layout Randomization and Nondeterminism
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
A set of replicas is diverse to the extent that they implement the same functionality but differ in their implementation details. Diverse replicas are less likely to succumb to the same attacks, when attacks depend on memory layout and/or other implementation details. Recent work advocates using mechanical means, such as program rewriting, to create such diversity. A correspondence between the specific transformations being employed and the attacks they defend against is often provided, but little has been said about the overall effectiveness of diversity per se in defending against attacks. With this broader goal in mind, this paper gives a precise characterization of attacks, applicable to viewing diversity as a defense, and also shows how mechanically-generated diversity compares to a well-understood defense: type checking.