Thomas Hobson
ABSTRACT
Moving Target (MT) defenses have been proposed as a game-changing approach to rebalance the security landscape in favor of the defender. MT techniques make systems less deterministic, less static, and less homogeneous in order to increase the level of effort required to achieve a successful compromise. However, a number of challenges in achieving effective movement lead to weaknesses in MT techniques that can often be used by the attackers to bypass or otherwise nullify the impact of that movement. In this paper, we propose that these challenges can be grouped into three main types: coverage, unpredictability, and timeliness. We provide a description of these challenges and study how they impact prominent MT techniques. We also discuss a number of other considerations faced when designing and deploying MT defenses.
- P. Barford and V. Yegneswaran. An inside look at botnets. In M. Christodorescu, S. Jha, D. Maughan, D. Song, and C. Wang, editors, Malware Detection, volume 27 of Advances in Information Security, pages 171--191. Springer US, 2007.Google Scholar
- E. G. Barrantes, D. H. Ackley, T. S. Palmer, D. Stefanovic, and D. D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS '03, pages 281--289, New York, NY, USA, 2003. ACM. Google ScholarDigital Library
- A. Bittau, A. Belay, A. Mashtizadeh, D. Mazieres, and D. Boneh. Hacking blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy, 2014. Google ScholarDigital Library
- S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In Proc. of the 17th ACM CCS, pages 559--572, 2010. Google ScholarDigital Library
- X. Chen. Aslr bypass apocalypse in recent zero-day exploits, 2013.Google Scholar
- DoD. Lightweight portable security, 2014.Google Scholar
- T. Durden. Bypassing pax aslr protection, 2002.Google Scholar
- W. Herlands, T. Hobson, and P. Donovan. Effective entropy: Security-centric metric for memory randomization techniques. In Workshop on Cyber Security Experimentation and Test, 2014. Google ScholarDigital Library
- T. Jackson, A. Homescu, S. Crane, P. Larsen, S. Brunthaler, and M. Franz. Diversifying the software stack using randomized nop insertion. In Moving Target Defense, pages 151--173. 2013.Google ScholarCross Ref
- G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM conference on Computer and communications security, CCS '03, pages 272--280, New York, NY, USA, 2003. ACM. Google ScholarDigital Library
- C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In Proc. of ACSAC'06, pages 339--348. Ieee, 2006. Google ScholarDigital Library
- P. Larsen, A. Homescu, S. Brunthaler, and M. Franz. Sok: Automated software diversity. In Proceedings of the 35th IEEE Symposium on Security and Privacy, 2014. Google ScholarDigital Library
- D. J. C. MacKay. Information Theory, Inference & Learning Algorithms. Cambridge University Press, New York, NY, USA, 2002. Google ScholarDigital Library
- P. K. Manadhata and J. M. Wing. An attack surface metric. Software Engineering, IEEE Transactions on, 37(3):371--386, 2011. Google ScholarDigital Library
- S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. Softbound: Highly compatible and complete spatial memory safety for c. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '09, pages 245--258, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. Cets: Compiler enforced temporal safety for c. In Proceedings of the 2010 International Symposium on Memory Management, ISMM '10, pages 31--40, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- Nergal. The advanced return-into-lib(c) exploits (pax case study). Phrack Magazine, 58(4):54, Dec 2001.Google Scholar
- H. Okhravi, A. Comella, E. Robinson, and J. Haines. Creating a cyber moving target for critical infrastructure applications using platform diversity. Elsevier International Journal of Critical Infrastructure Protection, 5:30--39, Mar 2012.Google ScholarCross Ref
- H. Okhravi, T. Hobson, D. Bigelow, and W. Streilein. Finding focus in the blur of moving-target techniques. IEEE Security & Privacy, 12(2):16--26, Mar 2014.Google ScholarCross Ref
- PaX. Pax address space layout randomization, 2003.Google Scholar
- G. Portokalidis and A. D. Keromytis. Fast and practical instruction-set randomization for commodity systems. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 41--48, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- B. Salamat, A. Gal, and M. Franz. Reverse stack execution in a multi-variant execution environment. In Workshop on Compiler and Architectural Techniques for Application Reliability and Security, 2008.Google Scholar
- J. Seibert, H. Okhravi, and E. Soderstrom. Information leaks without memory disclosures: Remote side channel attacks on diversified code. In Proc. of the 21st ACM CCS, 2014. Google ScholarDigital Library
- F. J. Serna. cve-2012-0769, the case of the perfect info leak, 2012.Google Scholar
- H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proc. of ACM CCS, pages 552--561, 2007. Google ScholarDigital Library
- H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proc. of ACM CCS, pages 298--307, 2004. Google ScholarDigital Library
- A. N. Sovarel, D. Evans, and N. Paul. Where's the feeb? the effectiveness of instruction set randomization. In 14th USENIX Security Symposium, volume 6, 2005. Google ScholarDigital Library
- R. Strackx, Y. Younan, P. Philippaerts, F. Piessens, S. Lachmund, and T. Walter. Breaking the memory secrecy assumption. In Proceedings of EuroSec '09, 2009. Google ScholarDigital Library
- L. Szekeres, M. Payer, T. Wei, and D. Song. Sok: Eternal war in memory. In Proc. of IEEE Symposium on Security and Privacy, 2013. Google ScholarDigital Library
- M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning. On the expressiveness of return-into-libc attacks. In Proc. of RAID'11, pages 121--141, 2011. Google ScholarDigital Library
Index Terms
- On the Challenges of Effective Movement
Recommendations
It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications SecurityCode-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research has proposed a variety of defenses with differing security, efficiency, and practicality characteristics. Whereas the majority of these solutions focus ...
ILR: Where'd My Gadgets Go?
SP '12: Proceedings of the 2012 IEEE Symposium on Security and PrivacyThrough randomization of the memory space and the confinement of code to non-data pages, computer security researchers have made a wide range of attacks against program binaries more difficult. However, attacks have evolved to exploit weaknesses in ...
Getting Beyond Tit for Tat: Better Strategies for Moving Target Prototyping and Evaluation
MTD '15: Proceedings of the Second ACM Workshop on Moving Target DefenseThe cyber moving target (MT) approach has been identified as one of the game-changing themes to rebalance the cyber landscape in favor of defense. MT techniques make cyber systems less static, less homogeneous, and less deterministic in order to create ...
Comments