2020
DOI: 10.1007/978-3-030-58475-7_46

Constraint-Based Software Diversification for Efficient Mitigation of Code-Reuse Attacks

Abstract: The modern software deployment process produces software that is uniform, and hence vulnerable to large-scale code-reuse attacks. Compiler-based diversification improves the resilience and security of software systems by automatically generating different assembly code versions of a given program. Existing techniques are efficient but do not have precise control over the quality of the generated code variants. This paper introduces Diversity by Construction (DivCon), a constraint-based compiler approach to softwa…

citations
Cited by 3 publications
(3 citation statements)
references
References 24 publications
“…• an experimental demonstration of the effectiveness of LNS at generating highly diverse solutions efficiently; • the evaluation of DivCon on a wide set of benchmarks of different sizes, including large functions of up to 500 instructions; • a quantitative assessment of the technique to mitigate code-reuse attacks effectively, while preserving high code quality; and • a publicly available tool for constraint-based software diversification 1 . This paper extends our previous work (Tsoupidi, Castañeda Lozano, & Baudry, 2020). We extend our investigation of LNS for code diversification with Decomposition-based Large Neighborhood Search (DLNS) (Sections 3.2, 4.2, and 4.4), a specific LNS-based approach for generating diverse solutions for larger programs.…”
Section: Introduction (supporting)
confidence: 52%
“…The relax rate is selected empirically based on preliminary experiments (Appendix A). Note that in our previous paper (Tsoupidi et al, 2020), the best relax rate on a different benchmark set was found to be 70%. This suggests that the optimal relax rate depends on the properties of the program under compilation, where the number of instructions appears to be a significant factor.…”
Section: Methods (mentioning)
confidence: 82%
“…This lack of clarity means that designers of bug-finding tools lack a general test for deciding whether (or in what context) a given bug pattern is appropriate. The impact of this question extends beyond bug finding: as we make progress in synthesising code [20], in mining and applying bug fixes [21], and in other strategies for manually or automatically evolving software [22], we need to ask whether these systems can introduce new bugs.…”
Section: Introduction (mentioning)
confidence: 99%