Skip to main content
SpringerLink
Log in

Simulation Driven Policy Recommendations for Code Diversity

  • Conference paper
  • First Online:
Simulation and Modeling Methodologies, Technologies and Applications

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 442))

  • 508 Accesses

Abstract

Periodic randomization of a computer program’s binary code is an attractive technique for defending against several classes of advanced threats. In this paper we describe a model of attacker-defender interaction in which the defender employs such a technique against an attacker who is actively constructing an exploit using Return Oriented Programming (ROP). In order to successfully build a working exploit, the attacker must guess the locations of several small chunks of program code, known as gadgets, in the defended program’s memory space. The defender thwarts the attacker’s efforts by periodically re-randomizing his code. Randomization incurs some performance cost, therefore an ideal strategy strikes an acceptable balance between utility degradation (cost) and security (benefit). We present risk aware and risk agnostic policy recommendations that were generated using simulation techniques. We found that policies that create low volatility environments are ideal for risk sensitive actors while policies that favor high system performance are more suitable for higher risk appetites.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Data Breach FAQ, Target. Inc. Available from: https://corporate.target.com/about/shopping-experience/payment-card-issue-faq (07 Oct 2014)

  2. The Home Depot Provides Update on Breach Investigation, The Home Depot, Inc. Available from: https://corporate.homedepot.com/mediacenter/pages/statement1.aspx, 8 Sept 2014

  3. Greenwald, G., MacAskill, E., Poitras, L.: (2013) Edward Snowden: The Whistleblower Behind the NSA Surveillance Revelations, The Guardian. Available from: http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance, 9 Oct 2014

  4. Bumiller, E.: Army leak suspect is turned in, by Ex-Hacker. The New York Times. Available from: http://www.nytimes.com/2010/06/08/world/08leaks.html?_r=0, 09 Oct 2014

  5. CVE-2014-0160 2014, MITRE Corporation. 2014. Available from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, 09 Oct 2014

  6. Data Execution Prevention: Frequently Asked Questions n.d. Microsoft Corporation. Available from: http://windows.microsoft.com/en-us/windows-vista/data-execution-prevention-frequently-asked-questions, 09 Oct 2014

  7. Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity: principles, implementations, and applications. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, 9 Oct 2014 (2005)

    Google Scholar 

  8. Okhravi, H., Hobson, T., Bigelow, D., Streilein, W.: Finding focus in the blur of moving target techniques. IEEE Secur Priv 12(2), 16–26 (2014)

    Google Scholar 

  9. Cox, B., Evans, D., Filipi, A., Rowanhill, J.: N-variant systems a secretless framework for security through diversity. In: Proceedings from the 15th Usenix Security Symposium. Available from: http://www.cs.virginia.edu/nvariant/ (2006)

  10. Franz, M.: E Unibus Pluram: massive-scale software diversity as a defense mechanism. In: Proceedings of the 2010 Workshop on New Security Paradigms, pp. 7–16. Available from: ACM Portal: ACM Digital Library (2010)

    Google Scholar 

  11. Priest, B., Vuksani, E., Wagner, N., Tello, B., Carter, K., Streilein, W.: Agent-based simulation in support of moving target cyber defense technology development and evaluation. In: Proceedings of the ACM Spring Simulation Multi-Conference (SpringSim’15) (2015)

    Google Scholar 

  12. Pal, P., Schantz, R., Paulos, A., Benyo, B.: Managed execution environment as a moving-target defense infrastructure. IEEE Secur. Priv. 12(2), 51–59 (2014)

    Article  Google Scholar 

  13. Alfred, G.B., Gray, E.H. (1998) Data farming: A metatechnique for research in the 21st century. Maneuver Warfare Science, pp. 93–99

    Google Scholar 

  14. Barry, P., Koehler, M.: Simulation in context: using data farming for decision support. In: Proceedings of the 2004 Winter Simulation Conference. vol. 1. pp. 814–819. Available from: IEEE XPlore Digital Library (2004)

    Google Scholar 

  15. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy. Available from: IEEE Xplore Digital Library (2012)

    Google Scholar 

  16. Homescu, A., Neisius, S., Larsen, P., Brunthaler, S., Franz, M.: Profile-guided automated software diversity. In: Proceedings of the 2013 International Symposium on Code Generation and Optimization, pp 204–214. Available from: IEEE Xplore Digital Library (2013)

    Google Scholar 

  17. Corelan Team n.d, Corelan ROPdb. Available from: https://www.corelan.be/index.php/security/corelan-ropdb/, 23 Oct 2014

  18. Sharpe, W.F.: Mutual fund performance. J. Bus. 39, 119–138 (1966)

    Google Scholar 

  19. Mitchell, M.: An Introduction to Genetic Algorithms. MIT Press, Cambridge (1996)

    MATH  Google Scholar 

  20. Holland, J.: Adaptation in Natural and Artificial Systems: An Introductory Analysis With Applications to Biology, Control, and Artificial Intelligence. University of Michigan Press, Arbor (1975)

    Google Scholar 

  21. Kirkpatrick, S., Gelatt, C.D., Vecchi, M.P.: Optimization by simulated annealing. Science (New Series) 58(2), 671–680 (1983)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgements

The authors would like to thank Dr. William Streilein, Dr. Neal Wagner, and Dr. Kevin M. Carter of MIT Lincoln Laboratory for their advice on this paper. This work is sponsored by Defense Advanced Research Projects Agency under. Air Force Contract #FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the authors and are not necessarily endorsed by the United States Government. The views, opinions, and/or findings contained in this article are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.

Author information

Authors and Affiliations

  1. MIT Lincoln Laboratory, 244 Wood Street, Lexington, MA, USA

    Brady Tello, Michael Winterrose, George Baah & Michael Zhivich

Authors
  1. Brady Tello
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Winterrose
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. George Baah
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Michael Zhivich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Brady Tello .

Editor information

Editors and Affiliations

  1. Dept. of Computer & Info Science, Fordham University, Bronx, New York, USA

    Mohammad S. Obaidat

  2. Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland

    Janusz Kacprzyk

  3. Faculty of Engg school of ECE, University of Ottawa, Ottawa, Ontario, Canada

    Tuncer Ören

  4. Polytechnic Institute of Setúbal, Setúbal, Portugal

    Joaquim Filipe

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Tello, B., Winterrose, M., Baah, G., Zhivich, M. (2016). Simulation Driven Policy Recommendations for Code Diversity. In: Obaidat, M., Kacprzyk, J., Ören, T., Filipe, J. (eds) Simulation and Modeling Methodologies, Technologies and Applications. Advances in Intelligent Systems and Computing, vol 442. Springer, Cham. https://doi.org/10.1007/978-3-319-31295-8_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-31295-8_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31294-1

  • Online ISBN: 978-3-319-31295-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation