The software monoculture favors attackers over defenders, since it makes all target environments appear similar. Code-reuse attacks, for example, rely on target hosts running identical software. Attackers use this assumption to their advantage by automating parts of creating an attack. This article presents large-scale automated software diversification as a means to shore up this vulnerability implied by our software monoculture. Besides describing an industrial-strength implementation of automated software diversity, we introduce methods to objectively measure the effectiveness of diversity in general, and its potential to eliminate code-reuse attacks in particular.
code reuse attacks, Biologically-inspired defenses, artificial software diversity, return-oriented programming, jump-oriented programming,
Andrei Homescu, Todd Jackson, Stephen Crane, Stefan Brunthaler, Per Larsen, Michael Franz, "Large-scale Automated Software Diversity—Program Evolution Redux", IEEE Transactions on Dependable and Secure Computing, , no. 1, pp. 1, PrePrints PrePrints, doi:10.1109/TDSC.2015.2433252