Todd Jackson scite author profile

The software monoculture favors attackers over defenders, since it makes all target environments appear similar. Code-reuse attacks, for example, rely on target hosts running identical software. Attackers use this assumption to their advantage by automating parts of creating an attack. This article presents large-scale automated software diversification as a means to shore up this vulnerability implied by our software monoculture. Besides describing an industrial-strength implementation of automated software diversity, we introduce methods to objectively measure the effectiveness of diversity in general, and its potential to eliminate code-reuse attacks in particular.Index Terms-Biologically-inspired defenses, artificial software diversity, return-oriented programming, jump-oriented programming, code reuse attacks ! 1545-5971 (c)

show abstract

Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities

Salamat

Gal

Jackson

et al. 2008

View full text Add to dashboard Cite

Runtime Defense against Code Injection Attacks Using Replicated Execution

Salamat

Jackson

Wagner

et al. 2011

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can compromise software. Multi-variant execution is an intrusion detection mechanism that executes several slightly different versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. At run time, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm when a discrepancy is detected. We present a monitoring mechanism that does not need any kernel privileges to supervise the variants. Many sources of inconsistencies, including asynchronous signals and scheduling of multi-threaded or multi-process applications, can cause divergence in behavior of variants. These divergences cause false alarms. We provide solutions to remove these false alarms. Our experiments show that the multi-variant execution technique is effective in detecting and preventing code injection attacks. The empirical results demonstrate that dual-variant execution has on average 17% performance overhead when deployed on multi-core processors.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Todd Jackson

Compiler-Generated Software Diversity

Diversifying the Software Stack Using Randomized NOP Insertion

Large-Scale Automated Software Diversity—Program Evolution Redux

Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities

Runtime Defense against Code Injection Attacks Using Replicated Execution

Contact Info

Product

Resources

About