On the effectiveness of the metamorphic shield

Authors:
Anh Nguyen-Tuong;Andrew Wang;Jason D. Hiser;John C. Knight;Jack W. Davidson
Affiliations:
University of Virginia, Charlottesville, VA;University of Virginia, Charlottesville, VA;University of Virginia, Charlottesville, VA;University of Virginia, Charlottesville, VA;University of Virginia, Charlottesville, VA
Venue:
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Year:
2010

Citing 9
Cited 3

Countering code-injection attacks with instruction-set randomization

Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization

Proceedings of the 11th ACM conference on Computer and communications security
Randomized instruction set emulation

ACM Transactions on Information and System Security (TISSEC)
Secure and practical defense against code-injection attacks using software dynamic translation

Proceedings of the 2nd international conference on Virtual execution environments
Where's the FEEB? the effectiveness of instruction set randomization

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Security through Diversity: Leveraging Virtual Machine Technology

IEEE Security and Privacy
Breaking the memory secrecy assumption

Proceedings of the Second European Workshop on System Security
On the General Applicability of Instruction-Set Randomization

IEEE Transactions on Dependable and Secure Computing

PEASOUP: preventing exploits against software of uncertain provenance (position paper)

Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Diversity

Dependable and Historic Computing
ChameleonSoft: Software Behavior Encryption for Moving Target Defense

Mobile Networks and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we determine analytically the effectiveness of dynamic artificial diversity, i.e., artificial diversity in which the subject of the diversity is re-randomized periodically and mechanically. We refer to a mechanism that implements dynamic diversity as a Metamorphic Shield since this mechanism applies metamorphosis to the system's attack surface to try to shield the system from certain attacks. Contrary to intuition, our analysis reveals that dynamic diversity appears to provide limited benefit except in special cases. In particular, it offers benefit for attacks that seek to leak information. We present a case study of the use of dynamic diversity applied to Instruction Set Randomization that is subject to an incremental attack on the key.