The Community for Technology Leaders
Green Image
Issue No. 02 - March-April (2017 vol. 14)
ISSN: 1545-5971
pp: 158-171
Andrei Homescu , Information and Computer Sciences, University of California, Irvine, CA
Todd Jackson , Google
Stephen Crane , Information and Computer Sciences, University of California, Irvine, CA
Stefan Brunthaler , Information and Computer Sciences, University of California, Irvine, CA
Per Larsen , Information and Computer Sciences, University of California, Irvine, CA
Michael Franz , Information and Computer Sciences, University of California, Irvine, CA
ABSTRACT
The software monoculture favors attackers over defenders, since it makes all target environments appear similar. Code-reuse attacks, for example, rely on target hosts running identical software. Attackers use this assumption to their advantage by automating parts of creating an attack. This article presents large-scale automated software diversification as a means to shore up this vulnerability implied by our software monoculture. Besides describing an industrial-strength implementation of automated software diversity, we introduce methods to objectively measure the effectiveness of diversity in general, and its potential to eliminate code-reuse attacks in particular.
INDEX TERMS
Security, Entropy, Programming, Browsers, Operating systems, Program processors,code reuse attacks, Biologically-inspired defenses, artificial software diversity, return-oriented programming, jump-oriented programming
CITATION
Andrei Homescu, Todd Jackson, Stephen Crane, Stefan Brunthaler, Per Larsen, Michael Franz, "Large-Scale Automated Software Diversity—Program Evolution Redux", IEEE Transactions on Dependable and Secure Computing, vol. 14, no. , pp. 158-171, March-April 2017, doi:10.1109/TDSC.2015.2433252
264 ms
(Ver 3.3 (11022016))