Large-Scale Automated Software Diversity—Program Evolution Redux

Homescu, Andrei; Jackson, Todd; Crane, Stephen; Brunthaler, Stefan; Larsen, Per; Franz, Michael

doi:10.1109/tdsc.2015.2433252

Cited by 31 publications

(20 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We found that many MTD works only consider (and show) the improvement in regards to security and either assuming that it has no impact on performance or ignore that aspect altogether. We will now discuss the details [62], [65], [75], [69], [127], [100], [70], [59], [146], [61], [65], [76], [66], [91], [71], [78], [79], [80], [147] [64], [94], [143] [72], [67] [85], [7], [58], [107], [68], [131], [118], [77], [141] [105], [109], [73] Works in bold explicitly consider diversity of configurations.…”

Section: A Qualitative Evaluationmentioning

confidence: 99%

“…In order to do this, they use a topological distance measure, which in their case is the symmetric difference between the edge sets of the current and the consecutive defense configuration. Although they do not explicitly recognize it as a diversity metric like [109], [73], they bring to light an interesting issue that most MTD papers seem to either miss or assume by default. If there was an attack, that with extremely little modification, could exploit all the defender's configuration that is a part of the MTD, an MTD would not be an effective defense strategy.…”

Section: A) Considers Only Security Of Individual Defenses: Mostmentioning

confidence: 99%

“…We believe that it would be easier to convince practitioners about the effectiveness of an MTD if researchers can show that diverse defender actions can indeed be generated at a low cost. This is the goal of [109], who create an approach at the compiler level to increase software diversity and [73], who use a genetic algorithm to draw a pool of configurations that maximize diversity. c) Considers both: Only a few works take a holistic view in regards to security and consider both the security of each individual defense and the ensemble as a whole.…”

Section: A) Considers Only Security Of Individual Defenses: Mostmentioning

confidence: 99%

See 2 more Smart Citations

A Survey of Moving Target Defenses for Network Security

Sengupta

Chowdhary

Sabur

et al. 2020

IEEE Commun. Surv. Tutorials

182

View full text Add to dashboard Cite

Network defense techniques based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to static nature of network services and configurations. Moving Target Defense (MTD), on the other hand, provides an intelligent countermeasure by dynamically re-configuring the underlying systems, thereby reducing the effectiveness of cyber attacks. In this survey, we analyze the recent advancements made in the development of MTD tools, techniques and procedures (TTP) and highlight how these defenses can be made more effective with the use of artificial intelligence techniques for decision making. We first define a unified formal notation for MTDs that can capture different aspects of such defenses. We then categorize these defenses into different sub-classes depending on how they answer the three questions-what to move, when to move and how to moveshowcasing how game theoretic strategies can effectively answer the latter question. To understand the usefulness of these defense methods, we study the implementation of such MTD techniques. We find that (relatively) new networking technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) provide effective means for implementing these dynamic defense methods. To encourage researchers and industry experts in using such defenses, we highlight industry use-cases and discuss the practicality and maturity of these defenses. To aid readers who want to test or deploy MTD techniques, we highlight existing MTD test-beds. Our survey then performs both a qualitative and quantitative analysis to better understand the effectiveness of these MTDs in terms of security and performance. To that extent, we use well-defined metrics such as risk analysis, performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, targeted threat models and defense cost for quantitative evaluation. Finally, we conclude by summarizing research opportunities that our survey elucidates.

show abstract

Section: A Qualitative Evaluationmentioning

confidence: 99%

Section: A) Considers Only Security Of Individual Defenses: Mostmentioning

confidence: 99%

Section: A) Considers Only Security Of Individual Defenses: Mostmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Moving Target Defenses for Network Security

Sengupta

Chowdhary

Sabur

et al. 2020

IEEE Commun. Surv. Tutorials

182

View full text Add to dashboard Cite

show abstract

“…The most common (as of 2017) examples of diversity in computer systems are the use of different programming languages, hardware architectures, cloud providers, operating systems, hypervisors, compilers or compiler arguments, and ASLR (Address Space Layout Randomization) versions that enable identical programs to possess diversity. It has previously been argued that there are inherent benefits to software diversity in the context of mitigation of attacks [10,11].…”

Section: Security Through Diversitymentioning

confidence: 99%

Low-Level Exploitation Mitigation by Diverse Microservices

Otterstad¹,

Yarygina²

2017

Service-Oriented and Cloud Computing

View full text Add to dashboard Cite

This paper discusses a combination of isolatable microservices and software diversity as a mitigation technique against low-level exploitation; the effectiveness and benefits of such an architecture are substantiated. We argue that the core security benefit of microservices with diversity is increased control flow isolation. Additionally, a new microservices mitigation technique leveraging a security monitor service is introduced to further exploit the architectural benefits inherent to microservice architectures.

show abstract

“…Until now, however, the ASLR improvements suggested in the literature have suffered from one or more drawbacks that have prevented their use in practice. Some techniques rely on binary rewriting, which does not scale to complex programs such as web browsers [22,38]; others randomize the code using a customized compiler [35], or require each user to download their own unique binary [42].…”

Section: Introductionmentioning

confidence: 99%

Selfrando: Securing the Tor Browser against De-anonymization Exploits

Conti

Crane²,

Frassetto

et al. 2016

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Tor is a well-known anonymous communication system used by millions of users, including journalists and civil rights activists all over the world. The Tor Browser gives non-technical users an easy way to access the Tor Network. However, many government organizations are actively trying to compromise Tor not only in regions with repressive regimes but also in the free world, as the recent FBI incidents clearly demonstrate. Exploiting software vulnerabilities in general, and browser vulnerabilities in particular, constitutes a clear and present threat to the Tor software. The Tor Browser shares a large part of its attack surface with the Firefox browser. Therefore, Firefox vulnerabilities (even patched ones) are highly valuable to attackers trying to monitor users of the Tor Browser. In this paper, we present selfrando-an enhanced and practical load-time randomization technique for the Tor Browser that defends against exploits, such as the one FBI allegedly used against Tor users. Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers. Moreover, we collaborated closely with the Tor Project to ensure that selfrando is fully compatible with AddressSanitizer (ASan), a compiler feature to detect memory corruption. ASan is used in a hardened version of Tor Browser for test purposes. The Tor Project decided to include our solution in the hardened releases of the Tor Browser, which is currently undergoing field testing.

show abstract

Large-Scale Automated Software Diversity—Program Evolution Redux

Cited by 31 publications

References 40 publications

A Survey of Moving Target Defenses for Network Security

A Survey of Moving Target Defenses for Network Security

Low-Level Exploitation Mitigation by Diverse Microservices

Selfrando: Securing the Tor Browser against De-anonymization Exploits

Contact Info

Product

Resources

About