RT Journal Article
JF IEEE Transactions on Dependable and Secure Computing
YR 2017
VO 14
IS 2
SP 158
TI Large-Scale Automated Software Diversity—Program Evolution Redux
A1 Andrei Homescu,
A1 Todd Jackson,
A1 Stephen Crane,
A1 Stefan Brunthaler,
A1 Per Larsen,
A1 Michael Franz,
A1 undefined,
A1 undefined,
A1 undefined,
A1 undefined,
K1 Security
K1 Entropy
K1 Programming
K1 Browsers
K1 Operating systems
K1 Program processors
K1 code reuse attacks
K1 Biologically-inspired defenses
K1 artificial software diversity
K1 return-oriented programming
K1 jump-oriented programming
AB The software monoculture favors attackers over defenders, since it makes all target environments appear similar. Code-reuse attacks, for example, rely on target hosts running identical software. Attackers use this assumption to their advantage by automating parts of creating an attack. This article presents large-scale automated software diversification as a means to shore up this vulnerability implied by our software monoculture. Besides describing an industrial-strength implementation of automated software diversity, we introduce methods to objectively measure the effectiveness of diversity in general, and its potential to eliminate code-reuse attacks in particular.
PB IEEE Computer Society, [URL:http://www.computer.org]
SN 1545-5971
LA English
DO 10.1109/TDSC.2015.2433252
LK http://doi.ieeecomputersociety.org/10.1109/TDSC.2015.2433252