Independence from obfuscation: A semantic framework for diversity

A set of replicas is diverse to the extent that they implement the same functionality but differ in their implementation details. Diverse replicas are less likely to succumb to the same attacks when those attacks depend on memory layout or other implementation details. Recent work advocates using mechanical means, such as program rewriting, to create such diversity. A correspondence between the specific transformations being employed and the attacks they defend against is often provided, but little has been said about the overall effectiveness of diversity per se in defending against attacks. With this broader goal in mind, this paper gives a precise characterization of attacks, applicable to viewing diversity as a defense, and also shows how mechanically generated diversity compares to a well-understood defense: type checking.
