Home // SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies // View article

Strengthening Software Diversity Through Targeted Diversification

Authors:
Vipin Singh Sehrawat
Yvo Desmedt

Keywords: Software diversity, Return Oriented Programming, Code reuse attack, Targeted diversification.

Abstract:
Code reuse attacks use snippets of code (called gadgets) from the target program. Software diversity aims to thwart code reuse attacks by increasing the uncertainty regarding the target program. The current practice is to quantify the security impact of software diversity algorithms via the number/percentage of the surviving gadgets. Recent attacks prove that only reducing the number of surviving gadgets does not add any security against code reuse attacks. We propose the use of the count/percentage of usable and surviving gadgets as the metric to quantify the security impact of software diversity algorithms. We present a novel software diversity algorithm, named NOP4Gadgets, that leaves 0.012% and 14.35% surviving and usable gadgets, respectively. NOP4Gadgets performs targeted diversification, concentrated around the potential Return Oriented Programming (ROP) gadgets. The performance overhead of NOP4Gadgets is 1% for the SPEC CPU2006 benchmark suite.

Pages: 185 to 190

Copyright: Copyright (c) IARIA, 2016

Publication date: July 24, 2016

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-493-0

Location: Nice, France

Dates: from July 24, 2016 to July 28, 2016