52 research outputs found
Adaptive just-in-time code diversification
We present a method to regenerate diversified code dynamically in a Java bytecode JIT compiler, and to update the diversification frequently during the execution of the program. This way, we can significantly reduce the time frame in which attackers can let a program leak useful address space information and subsequently use the leaked information in memory exploits. A proof of concept implementation is evaluated, showing that even though code is recompiled frequently, we can achieved smaller overheads than the previous state of the art, which generated diversity only once during the whole execution of a program
Algorithm Diversity for Resilient Systems
Diversity can significantly increase the resilience of systems, by reducing
the prevalence of shared vulnerabilities and making vulnerabilities harder to
exploit. Work on software diversity for security typically creates variants of
a program using low-level code transformations. This paper is the first to
study algorithm diversity for resilience. We first describe how a method based
on high-level invariants and systematic incrementalization can be used to
create algorithm variants. Executing multiple variants in parallel and
comparing their outputs provides greater resilience than executing one variant.
To prevent different parallel schedules from causing variants' behaviors to
diverge, we present a synchronized execution algorithm for DistAlgo, an
extension of Python for high-level, precise, executable specifications of
distributed algorithms. We propose static and dynamic metrics for measuring
diversity. An experimental evaluation of algorithm diversity combined with
implementation-level diversity for several sequential algorithms and
distributed algorithms shows the benefits of algorithm diversity
Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics
Moving Target Defense (MTD) can enhance the resilience of cyber systems
against attacks. Although there have been many MTD techniques, there is no
systematic understanding and {\em quantitative} characterization of the power
of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to
characterize the power of MTD. We define and investigate two complementary
measures that are applicable when the defender aims to deploy MTD to achieve a
certain security goal. One measure emphasizes the maximum portion of time
during which the system can afford to stay in an undesired configuration (or
posture), without considering the cost of deploying MTD. The other measure
emphasizes the minimum cost of deploying MTD, while accommodating that the
system has to stay in an undesired configuration (or posture) for a given
portion of time. Our analytic studies lead to algorithms for optimally
deploying MTD.Comment: 12 pages; 4 figures; Hotsos 14, 201
Software Protection
A computer system's security can be compromised in many ways a denial-of-service attack can make a server inoperable, a worm can destroy a user's private data, or an eavesdrop per can reap financial rewards by inserting himself in the communication link between a customer and her bank through a man-in-the-middle (MITM) attack. What all these scenarios have in common is that the adversary is an untrusted entity that attacks a system from the outside-we assume that the computers under attack are operated by benign and trusted users. But if we remove this assumption, if we allow anyone operating a computer system- from system administrators down to ordinary users-to compromise that system's security, we find ourselves in a scenario that has received comparatively little attention. Methods for protecting against MATE attacks are variously known as anti-tamper techniques, digital asset protection, or, more
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control- FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
- …