Search Based Clustering for Protecting Software with Diversified Updates

Reverse engineering is usually the stepping stone for a variety of attacks that aim to identify sensitive information (keys, credentials, data, algorithms) or vulnerabilities and flaws for broader exploitation. Software applications are usually deployed as identical binary code installed on millions of computers, which lets an adversary develop a generic reverse-engineering strategy that, if it works on one code instance, can be applied to crack all the other instances. Software Diversity mitigates this problem by creating several structurally different (but functionally equivalent) binary code versions from the same source code, so that even if a successful attack can be devised for one version, it should not work on a diversified version. In this paper, we address the problem of maximizing software diversity from a search-based optimization point of view. The program to protect is subjected to a catalogue of transformations to generate many candidate versions. The problem of selecting the subset of most diversified versions to deploy is formulated as an optimization problem, which we tackle with different search heuristics. We show the applicability of this approach on some popular Android apps.
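The selection step described in the abstract, as an added example that is not the paper's code: pick the k candidate versions whose smallest pairwise distance is largest. The page does not state the paper's distance metric, fitness function or heuristics, so normalized compression distance over zlib, the max-min fitness, random-restart hill climbing and all function names are assumptions, and the byte strings are constructed stand-ins for real binaries.

```python
import itertools
import random
import zlib

def ncd(a: bytes, b: bytes) -> float:
    """Normalized compression distance: ~0 for near-identical inputs, ~1 for unrelated ones."""
    ca, cb = len(zlib.compress(a, 9)), len(zlib.compress(b, 9))
    return (len(zlib.compress(a + b, 9)) - min(ca, cb)) / max(ca, cb)

def distance_matrix(variants):
    """Symmetric pairwise distances between candidate versions (assumed metric: NCD)."""
    n = len(variants)
    dist = [[0.0] * n for _ in range(n)]
    for i, j in itertools.combinations(range(n), 2):
        dist[i][j] = dist[j][i] = ncd(variants[i], variants[j])
    return dist

def fitness(subset, dist):
    """Diversity of a deployment set: its smallest pairwise distance (to be maximised)."""
    return min(dist[i][j] for i, j in itertools.combinations(subset, 2))

def select_diverse(dist, k, restarts=10, seed=0):
    """Random-restart hill climbing over k-subsets (k >= 2), swapping one version at a time."""
    n, rng = len(dist), random.Random(seed)
    best, best_fit = None, -1.0
    for _ in range(restarts):
        current = set(rng.sample(range(n), k))
        cur_fit, improved = fitness(current, dist), True
        while improved:
            improved = False
            for out, inn in itertools.product(sorted(current), range(n)):
                cand = (current - {out}) | {inn}
                if inn not in current and fitness(cand, dist) > cur_fit:
                    current, cur_fit, improved = cand, fitness(cand, dist), True
                    break
        if cur_fit > best_fit:
            best, best_fit = sorted(current), cur_fit
    return best, best_fit

def constructed_variants(seed=7, size=400):
    """Constructed sample data: v1 is v0 with one byte changed, v2..v4 are unrelated."""
    rng = random.Random(seed)
    blobs = [bytes(rng.randrange(256) for _ in range(size)) for _ in range(4)]
    near_dup = bytes([blobs[0][0] ^ 0xFF]) + blobs[0][1:]
    return [blobs[0], near_dup] + blobs[1:]

if __name__ == "__main__":
    chosen, score = select_diverse(distance_matrix(constructed_variants()), k=3)
    print("deploy versions", chosen, "min pairwise distance %.2f" % score)
```

A set that contains both a version and its near-duplicate scores close to zero, so the search swaps one of them out; that is the property that keeps an attack built against one deployed version from carrying over to another.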
