Software Diversification for Attack Prevention and Forecasting

Abstract

Michalis Polychronakis, Long Lu, R. Sekar
Stony Brook University
{mikepo, long, sekar}@cs.stonybrook.edu

Exploitable software vulnerabilities constitute a leading cause of system compromises and malware infections. The proposed research aims to develop practical source-level and binary-level transformation techniques that introduce artificial diversity into existing software. Our diversification techniques will be designed to cause exploits to fail (or be detected) very quickly. To achieve this goal, our proposed approach introduces diversity into both the pre-exploitation and post-exploitation stages. At the pre-exploitation stage, the introduced diversity misleads potential exploits into unpredictable program execution states, making reliable triggering of a vulnerability almost impossible (e.g., by coercing arbitrary code execution and memory disclosure attempts to crash the targeted process). At the post-exploitation stage, the uncertainty introduced into the semantics and behavior of targeted applications and systems confuses exploits and impedes their harmful actions.

We propose to design and implement practical solutions by combining several orthogonal and complementary diversification techniques: (i) fine-grained address-space randomization and partitioning, to randomize the location of code and data objects, probabilistically reduce or even eliminate existing code that could be reused as part of an attack, and isolate individual components; (ii) data representation randomization, to alter the representation of application data stored in memory; (iii) API invocation obfuscation, to obscure the calling conventions of critical functions so that they cannot be abused by exploit code; and (iv) replicated execution using disjoint randomization, to guarantee that a particular attack instance will fail in at least one of multiple diversified replicas of the main process.

These techniques, operating in different dimensions, collectively hinder or expose exploitation attempts at their very first stages.

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 12, 2016
Source ID
N000141512378

Entities

People

  • Michalis Polychronakis

Organizations

  • Office of Naval Research
  • Research Foundation for the State University of New York
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Systems Analysis and Design

Technology Areas

  • Cyber
  • Space