ABSTRACT
Cyber security research has produced numerous artificial diversity techniques such as address space layout randomization, heap randomization, instruction-set randomization, and instruction location randomization. To be most effective, these techniques must be high entropy and secure from information leakage which, in practice, is often difficult to achieve. Indeed, it has been demonstrated that well-funded, determined adversaries can often circumvent these defenses. To allow use of low-entropy diversity, prevent information leakage, and provide provable security against attacks, previous research proposed using low-entropy but carefully structured artificial diversity to create variants of an application and then run these constructed variants within a fault-tolerant environment that runs each variant in parallel and cross check results to detect and mitigate faults. If the variants are carefully constructed, it is possible to prove that certain classes of attack are not possible. This paper presents an overview and status of a cyber fault tolerant system that uses a low overhead multi-variant execution environment and precise static binary analysis and efficient rewriting technology to produce structured variants which allow automated verification techniques to prove security properties of the system. Preliminary results are presented which demonstrate that the system is capable of detecting unknown faults and mitigating attacks.
- E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović. Randomized instruction set emulation. ACM Transactions on Information and System Security, 8(1):3--40, Feb. 2005. Google ScholarDigital Library
- A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, and D. Boneh. Hacking blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, pages 227--242, Washington, DC, USA, 2014. IEEE Computer Society. Google ScholarDigital Library
- D. Bruschi, L. Cavallaro, and A. Lanzi. Diversified process replicae for defeating memory error exploits. In IEEE International Conference on Performance, Computing, and Communications Conference, IPCCC'07, pages 434--441, April 2007.Google ScholarCross Ref
- C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7, SSYM'98, pages 5--5, Berkeley, CA, USA, 1998. USENIX Association. Google ScholarDigital Library
- B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, and J. Hiser. N-variant systems: A secretless framework for security through diversity. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, Berkeley, CA, USA, 2006. USENIX Association. Google ScholarDigital Library
- J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. W. Davidson. ILR: Where'd my gadgets go? In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 571--585, Washington, DC, USA, 2012. IEEE Computer Society. Google ScholarDigital Library
- C. Le Goues, T. V. Nguyen, S. Forrest, and W. Weimer. GenProg: A generic method for automatic software repair. IEEE Trans. Softw. Eng., 38(1):54--72, Jan. 2012. Google ScholarDigital Library
- B. Rodes, A. Nguyen-Tuong, J. D. Hiser, J. C. Knight, M. Co, and J. W. Davidson. Defense against stack-based attacks using speculative stack layout transformation. In S. Qadeer and S. Tasiran, editors, Runtime Verification, volume 7687 of Lecture Notes in Computer Science, pages 308--313. Springer Berlin Heidelberg, 2013.Google Scholar
- G. F. Roglia, L. Martignoni, R. Paleari, and D. Bruschi. Surgically returning to randomized libC. In Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC '09, pages 60--69, Washington, DC, USA, 2009. IEEE Computer Society. Google ScholarDigital Library
- B. Salamat, T. Jackson, A. Gal, and M. Franz. Orchestra: Intrusion detection using parallel execution and monitoring of program variants in user-space. In Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys '09, pages 33--46, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- K. Scott and J. Davidson. Strata: A software dynamic translation infrastructure. In IEEE Workshop on Binary Translation, September 2001.Google Scholar
- H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 552--561, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04, pages 298--307, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- A. N. Sovarel, D. Evans, and N. Paul. Where's the FEEB? the effectiveness of instruction set randomization. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, SSYM'05, pages 10--10, Berkeley, CA, USA, 2005. USENIX Association. Google ScholarDigital Library
- S. Volckaert, B. De Sutter, T. De Baets, and K. De Bosschere. GHUMVEE: Efficient, effective, and flexible replication. In Proceedings of the 5th International Conference on Foundations and Practice of Security, FPS'12, pages 261--277, Berlin, Heidelberg, 2013. Springer-Verlag. Google ScholarDigital Library
- Checkpoint/restore in userspace. http://criu.org.Google Scholar
- D. Williams, W. Hu, J. W. Davidson, J. D. Hiser, J. C. Knight, and A. Nguyen-Tuong. Security through diversity: Leveraging virtual machine technology. IEEE Security & Privacy, 7(1):26--33, Jan.--Feb. 2009. Google ScholarDigital Library
- J. Xu, Z. Kalbarczyk, and R. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems, pages 260--269, oct. 2003.Google Scholar
Recommendations
Double-Sided Information Asymmetry in Double Extortion Ransomware
Decision and Game Theory for SecurityAbstractDouble extortion ransomware attacks consist of an attack where victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence this leads to an increased willingness to pay a ransom, and higher ransoms, ...
Double edge-based traceback for wireless sensor networks
In some hostile environment, the sensor nodes can be captured by the adversary, the adversary can launch various attacks through the compromised nodes. In this paper, a double edge-based traceback DETrace scheme is proposed to reconstruct the attack ...
An Approach of Using Different Positions of Double Registers to Protect AES Hardware Structure from DPA
ISECS '10: Proceedings of the 2010 Third International Symposium on Electronic Commerce and SecurityAdvanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on ...
Comments