Genesis: A Framework for Achieving Software Component Diversity

Abstract: The Genesis project sought to provide security through the diversification of software. A major weakness of current information systems is that they run software applications that are clones of one another, so an exploitable flaw in one copy implies the same flaw in every other similarly configured installation. Breaking this software monoculture was the goal of the bio-inspired diversity area of DARPA's Self-Regenerative Systems program. The Genesis project exceeded the program's goal of producing 100 functionally equivalent versions of a program such that no more than 33 of them exhibited the same deficiency. This report presents an overview of the Genesis project, the current status of the Genesis Diversity Toolkit, and future opportunities for technology transfer and research.
