Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
Secure and practical defense against code-injection attacks using software dynamic translation
Proceedings of the 2nd international conference on Virtual execution environments
Where's the FEEB? the effectiveness of instruction set randomization
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Security through Diversity: Leveraging Virtual Machine Technology
IEEE Security and Privacy
Breaking the memory secrecy assumption
Proceedings of the Second European Workshop on System Security
On the General Applicability of Instruction-Set Randomization
IEEE Transactions on Dependable and Secure Computing
PEASOUP: preventing exploits against software of uncertain provenance (position paper)
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Dependable and Historic Computing
ChameleonSoft: Software Behavior Encryption for Moving Target Defense
Mobile Networks and Applications
Hi-index | 0.00 |
In this paper we determine analytically the effectiveness of dynamic artificial diversity, i.e., artificial diversity in which the subject of the diversity is re-randomized periodically and mechanically. We refer to a mechanism that implements dynamic diversity as a Metamorphic Shield since this mechanism applies metamorphosis to the system's attack surface to try to shield the system from certain attacks. Contrary to intuition, our analysis reveals that dynamic diversity appears to provide limited benefit except in special cases. In particular, it offers benefit for attacks that seek to leak information. We present a case study of the use of dynamic diversity applied to Instruction Set Randomization that is subject to an incremental attack on the key.