Automated Software Diversity

Vulnerabilities in low-level systems software leave users exposed to malware, theft, and monitoring. Automatic software diversity makes weaponization of these vulnerabilities much harder. The premise of software diversity is simple: randomizing program features conceals them from adversaries; however, securely and transparently implementing automatic software diversity is anything but simple.

[1]  Fred B. Schneider,et al.  Independence from obfuscation: A semantic framework for diversity , 2010, J. Comput. Secur..

[2]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .

[3]  Mary Lou Soffa,et al.  Retargetable and reconfigurable software dynamic translation , 2003, International Symposium on Code Generation and Optimization, 2003. CGO 2003..

[4]  Emery D. Berger,et al.  DieHarder: securing the heap , 2010, CCS '10.

[5]  Robert Wahbe,et al.  Efficient software-based fault isolation , 1994, SOSP '93.

[6]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[7]  E AndersonThomas,et al.  Efficient software-based fault isolation , 1993 .

[8]  Angelos D. Keromytis,et al.  Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[9]  F. J. Corbató,et al.  Introduction and overview of the multics system , 1965, AFIPS '65 (Fall, part I).

[10]  Jack W. Davidson,et al.  Protection of software-based survivability mechanisms , 2001, 2001 International Conference on Dependable Systems and Networks.

[11]  Dan Boneh,et al.  Address space randomization for mobile devices , 2011, WiSec '11.

[12]  Lorenzo Martignoni,et al.  Surgically Returning to Randomized lib(c) , 2009, 2009 Annual Computer Security Applications Conference.

[13]  Ben Niu,et al.  RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity , 2014, CCS.

[14]  Per Larsen,et al.  Opaque Control-Flow Integrity , 2015, NDSS.

[15]  Jack W. Davidson,et al.  ILR: Where'd My Gadgets Go? , 2012, 2012 IEEE Symposium on Security and Privacy.

[16]  Kevin W. Hamlen,et al.  Securing untrusted code via compiler-agnostic binary rewriting , 2012, ACSAC '12.

[17]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[18]  Per Larsen,et al.  Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks , 2015, CCS.

[19]  Dawn Xiaodong Song,et al.  SoK: Eternal War in Memory , 2013, 2013 IEEE Symposium on Security and Privacy.

[20]  Hovav Shacham,et al.  When good instructions go bad: generalizing return-oriented programming to RISC , 2008, CCS.

[21]  Cristiano Giuffrida,et al.  Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization , 2012, USENIX Security Symposium.

[22]  Per Larsen,et al.  Diversifying the Software Stack Using Randomized NOP Insertion , 2013, Moving Target Defense.

[23]  Ben Niu,et al.  Modular control-flow integrity , 2014, PLDI.

[24]  Liming Chen,et al.  N-VERSION PROGRAMMINC: A FAULT-TOLERANCE APPROACH TO RELlABlLlTY OF SOFTWARE OPERATlON , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[25]  Rajeev Barua,et al.  A compiler-level intermediate representation based binary analysis and rewriting system , 2013, EuroSys '13.

[26]  Per Larsen,et al.  Readactor: Practical Code Randomization Resilient to Memory Disclosure , 2015, 2015 IEEE Symposium on Security and Privacy.

[27]  Wenke Lee,et al.  ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks , 2015, CCS.

[28]  Angelos D. Keromytis,et al.  Hydan: Hiding Information in Program Binaries , 2004, ICICS.

[29]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[30]  Easwaran Raman,et al.  MAO — An extensible micro-architectural optimizer , 2011, International Symposium on Code Generation and Optimization (CGO 2011).

[31]  Martín Abadi,et al.  Control-flow integrity , 2005, CCS '05.

[32]  Dan Boneh,et al.  Hacking Blind , 2014, 2014 IEEE Symposium on Security and Privacy.

[33]  Clark Thomborson,et al.  Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[34]  Chao Zhang,et al.  Practical Control Flow Integrity and Randomization for Binary Executables , 2013, 2013 IEEE Symposium on Security and Privacy.

[35]  David H. Ackley,et al.  Randomized instruction set emulation , 2005, TSEC.

[36]  Michael Franz,et al.  E unibus pluram: massive-scale software diversity as a defense mechanism , 2010, NSPW '10.

[37]  Xi Chen,et al.  StackArmor: Comprehensive Protection From Stack-based Memory Error Vulnerabilities for Binaries , 2015, NDSS.

[38]  Takeo Hariu,et al.  Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks , 2012, ACSAC '12.

[39]  Peng Ning,et al.  Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[40]  Herbert Bos,et al.  Out of Control: Overcoming Control-Flow Integrity , 2014, 2014 IEEE Symposium on Security and Privacy.

[41]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[42]  Ahmad-Reza Sadeghi,et al.  Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming , 2015, NDSS.

[43]  Bennet S. Yee,et al.  Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[44]  Frank Piessens,et al.  Breaking the memory secrecy assumption , 2009, EUROSEC '09.

[45]  Ahmad-Reza Sadeghi,et al.  Gadge me if you can: secure and efficient ad-hoc instruction-level randomization for x86 and ARM , 2013, ASIA CCS '13.

[46]  Ahmad-Reza Sadeghi,et al.  Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization , 2013, 2013 IEEE Symposium on Security and Privacy.

[47]  Per Larsen,et al.  Booby trapping software , 2013, NSPW '13.

[48]  Peng Liu,et al.  A Practical Approach for Adaptive Data Structure Layout Randomization , 2015, ESORICS.

[49]  Moritz Contag,et al.  Evaluating the Effectiveness of Current Anti-ROP Defenses , 2014, RAID.

[50]  William W. Streilein,et al.  Timely Rerandomization for Mitigating Memory Disclosures , 2015, CCS.

[51]  Michael Franz,et al.  Compiler-Generated Software Diversity , 2011, Moving Target Defense.

[52]  Xuxian Jiang,et al.  On the Expressiveness of Return-into-libc Attacks , 2011, RAID.

[53]  Per Larsen,et al.  Librando: transparent code randomization for just-in-time compilers , 2013, CCS.

[54]  Per Larsen,et al.  Security through Diversity: Are We There Yet? , 2014, IEEE Security & Privacy.

[55]  Wouter Joosen,et al.  HeapSentry: Kernel-Assisted Protection against Heap Overflows , 2013, DIMVA.

[56]  M. Castro,et al.  Data Randomization , 2008 .

[57]  Brian Randell System structure for software fault tolerance , 1975 .

[58]  Hovav Shacham,et al.  Return-Oriented Programming: Systems, Languages, and Applications , 2012, TSEC.

[59]  Per Larsen,et al.  Profile-guided automated software diversity , 2013, Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO).

[60]  Angelos D. Keromytis,et al.  Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization , 2012, 2012 IEEE Symposium on Security and Privacy.

[61]  Lei Duan,et al.  INSeRT: Protect Dynamic Code Generation against spraying , 2011, International Conference on Information Science and Technology.

[62]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[63]  Christian S. Collberg,et al.  Distributed application tamper detection via continuous software updates , 2012, ACSAC '12.

[64]  Elisa Bertino,et al.  Marlin: Mitigating Code Reuse Attacks Using Code Randomization , 2015, IEEE Transactions on Dependable and Secure Computing.

[65]  Nicholas Nethercote,et al.  Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[66]  Ramarathnam Venkatesan,et al.  The Superdiversifier: Peephole Individualization for Software Protection , 2008, IWSEC.

[67]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[68]  Jack W. Davidson,et al.  Profile guided code positioning , 1990, SIGP.

[69]  Per Larsen,et al.  SoK: Automated Software Diversity , 2014, 2014 IEEE Symposium on Security and Privacy.

[70]  Per Larsen,et al.  It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks , 2015, CCS.

[71]  Koen De Bosschere,et al.  Protecting Your Software Updates , 2013, IEEE Security & Privacy.

[72]  Ahmad-Reza Sadeghi,et al.  Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications , 2015, 2015 IEEE Symposium on Security and Privacy.

[73]  Frederick B. Cohen,et al.  Operating system protection through program evolution , 1993, Comput. Secur..

[74]  Peter G. Neumann,et al.  Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine , 2015, ASPLOS.

[75]  Jeff Seibert,et al.  Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code , 2014, CCS.

[76]  Bart Coppens,et al.  Feedback-driven binary code diversification , 2013, TACO.

[77]  Koen De Bosschere,et al.  Instruction Set Limitation in Support of Software Diversity , 2009, ICISC.

[78]  Thomas R. Gross,et al.  Fine-Grained Control-Flow Integrity Through Binary Hardening , 2015, DIMVA.

[79]  Fan Long,et al.  Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity , 2015, CCS.

[80]  Michael Backes,et al.  You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code , 2014, CCS.

[81]  Robert H. Deng,et al.  ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks , 2014, NDSS.

[82]  Peng Ning,et al.  HideM: Protecting the Contents of Userspace Memory in the Face of Disclosure Vulnerabilities , 2015, CODASPY.

[83]  Sorin Lerner,et al.  SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks , 2014, NDSS.

[84]  Kevin W. Hamlen,et al.  Binary stirring: self-randomizing instruction addresses of legacy x86 binary code , 2012, CCS.

[85]  S. Bhatkar,et al.  Data Space Randomization , 2008, DIMVA.

[86]  David H. Ackley,et al.  Building diverse computer systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).