Proactive obfuscation

Abstract

Proactive obfuscation is a new method for creating server replicas that are likely to have fewer shared vulnerabilities. It uses semantics-preserving code transformations to generate diverse executables, periodically restarting servers with these fresh versions. The periodic restarts help bound the number of compromised replicas that a service ever concurrently runs, and therefore proactive obfuscation makes an adversary's job harder. Proactive obfuscation was used in implementing two prototypes: a distributed firewall based on state-machine replication and a distributed storage service based on quorum systems. Costs intrinsic to supporting proactive obfuscation in replicated systems were evaluated by measuring the performance of these prototypes. The results show that employing proactive obfuscation adds little to the cost of replica-management protocols.

Document Details

Document Type: Pub Defense Publication
Publication Date: Jul 01, 2010
Source ID: 10.1145/1813654.1813655

Entities

People

  • Fred B. Schneider
  • Tom Roeder

Organizations

  • Air Force Office of Scientific Research
  • Cornell University
  • Division of Computing and Communication Foundations
  • Microsoft Research
  • National Science Foundation

Tags

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Systems Analysis and Design