SoK: Automated Software Diversity

Slides:

Advertisements

Similar presentations

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

Advertisements

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Anti-Cheating Mechanisms for Computer Games Michael Rudolph Jason Cook.

Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

Moving Target Defense in Cyber Security

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

Memory Attacks and Protection through Software Diversity

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

MotoHawk Training Model-Based Design of Embedded Systems.

Barracuda Web Application Firewall

Chapter 1 – Introduction

Software Evolution Managing the processes of software system change

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

1 UCR Firmware Attacks and Security introduction.

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

KGuard: Lightweight Kernel Protection against Return-to-User Attacks Authors: Vasileios P. Kemerlis Georgios Portokalidis Angelos D. Keromytis Presenter:

Learning, Monitoring, and Repair in Application Communities Martin Rinard Computer Science and Artificial Intelligence Laboratory Massachusetts Institute.

{ Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Cristiano Giuffrida, Anton Kuijsten & Andrew S.Tanenbaum.

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Vikram Reddy Enukonda.

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Cristiano Giuffrida Anton Kuijsten Andrew S. Tanenbaum.

Metadata driven application for data processing – from local toward global solution Rudi Seljak Statistical Office of the Republic of Slovenia.

Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.

Graciela Saunders.  Introduction / Review  Challenges to Embedded Security  Approaches to Embedded Security  Security Analysis & Attack Taxonomy 

Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code Jeff Seibert, Hamed Okhravi, and Eric Söderström Presented.

Review of Parnas’ Criteria for Decomposing Systems into Modules Zheng Wang, Yuan Zhang Michigan State University 04/19/2002.

A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler InCert Software.

Chapter 8 System Management Semester 2. Objectives  Evaluating an operating system  Cooperation among components  The role of memory, processor,

Overview of Network Security. Network Security2 New Challenges 1.Security does not focus on a “product” only; it is a process and focuses on the whole.

Be in the know Visual Intercept Project from Elsinore Technologies David Hershman Regional Sales Manager

Application Communities Phase 2 (AC2) Project Overview Nov. 20, 2008 Greg Sullivan BAE Systems Advanced Information Technologies (AIT)

MIT/Determina Application Communities, page 1 Approved for Public Release, Distribution Unlimited - Case 9649 Collaborative learning for security and repair.

Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Conclusion.

Language-Based Information- Flow Security (Sabelfeld and Myers) “Practical methods for controlling information flow have eluded researchers for some time.”

Aaron Corso COSC Spring What is LAMP?  A ‘solution stack’, or package of an OS and software consisting of:  Linux  Apache  MySQL  PHP.

Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,

Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz.

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

Constraint Framework, page 1 Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Constraints approach.

Compilers and Security

Focused obfuscation for 1-day attack delaying

INTRODUCTION CHARLES MUIRURI

Remix: On-demand Live Randomization

CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.

Web Application Protection Against Hackers and Vulnerabilities

Middleware Policies for Intrusion Tolerance

Secure Software Confidentiality Integrity Data Security Authentication

Operating System Protection Through Program Evolution

New Cache Designs for Thwarting Cache-based Side Channel Attacks

nZDC: A compiler technique for near-Zero silent Data Corruption

Software Processes (a)

Maintaining software solutions

End-to-End REST Service Testing Automation

Secure Processing On-Chip

AdaCore Technologies for Cyber Security

Brute force attacks, DDOS, Botnet, Exploit, SQL injection

Cryptography and Network Security

Presentation transcript:

SoK: Automated Software Diversity Per Larsen, Andrei Homescu, Stefan Brunthaler, Michael Franz University of California, Irvine

Abstract “...systematically study the state-of-the-art in software diversity and highlight fundamental trade-offs between fully automated approaches. We also point to open areas and unresolved challenges. These include “hybrid solutions”, error reporting, patching, and implementation disclosure attacks on diversified software.”

Taxonomy of Attacks Information Leaks Side Channel Attacks Memory Corruption Attacks Code Injection Code Reuse Just-In-Time Attacks Program Tampering Reverse Engineering

Taxonomy of Defenses Enforcement-based Defenses Program Integrity Monitors Diversity-based Defenses Program Obfuscation

What To Diversify Instruction Level Basic Block Level Loop Level Function Level Program Level System Level

When To Diversify Implementation Compilation and Linking Installation Loading Execution Updating

Security Impact Entropy – Higher Entropy means less chance of brute force attack being successful Attack specific code analysis Logical Arguments Testing against concrete attacks

Performance Impact

Unresolved Problems Hybrid Approaches Error Reports and Patches Implementation Disclosure Measuring Efficacy Diversity as a Counter to Side Channel Attacks

Conclusion Pre-distribution approaches are easy to implement, support the widest range of transformations, and can defense against client-side attacks Post-distribution support legacy and proprietary software, amortize diversification costs, and require no changes to current distribution mechanisms.