An interpretation of the notion of software diversity is based on the concept of diversified process replicæ. We define pr as the replica of a process p which behaves identically to p but has some “structural ” diversity from it. This makes possible to detect memory corruption attacks in a deterministic way. In our solution, p and pr differ in their address space which is properly diversified, thus defeating absolute and partial overwriting memory error exploits. We also give a characterization and a preliminary solution for shared memory management, one of the biggest practical issue introduced by this approach. Speculation on how to deal with synchronous signals delivery is faced as well. A user space proof-of-concept prototype has been implemented. Experimental results show a 68.93 % throughput slowdown on a worst-case, while experiencing only a 1.20 % slowdown on a best-case. 1
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.