We contend that the time has come to revisit the idea of software diversity for defense purposes. Four fundamental paradigm shifts that have occurred in the past decade now make it viable to distribute a unique version of every program to every user. We outline a practical approach for providing compiler-generated software diversity on a massive scale. It is based on an "App Store" containing a diversification engine (a "multicompiler") that automatically generates a unique, but functionally identical version of every program each time that a downloader requests it. All the different versions of the same program behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, any specific attack will succeed only on a small fraction of targets. An attacker would require a large number of different attacks and would have no way of knowing a priori which specific attack will succeed on which specific target. Hence, the cost to the attacker is raised dramatically. Equally importantly, our approach makes it much more difficult for an attacker to generate attack vectors by way of reverse engineering of security patches. An attacker requires two pieces of information to extract a vulnerability from a bug fix: the version of the program that is vulnerable and the specific patch that fixes the vulnerability. In an environment in which software is diversified and every instance of every program is unique, we can set things up so that the attacker never obtains a matching pair of vulnerable program and its corresponding bug fix that could be used to identify the vulnerability. We propose a mechanism for incremental updating of diversified software that has this property.