International Journal On Advances in Security, volume 8, numbers 3 and 4, 2015


Chronomorphic Programs: Runtime Diversity Prevents Exploits and Reconnaissance

Authors:
Scott Friedman
David Musliner
Peter Keller

Keywords: cyber defense; software diversity; self-modifying code

Abstract:
In Return Oriented Programming (ROP) attacks, a cyber attacker crafts an exploit from instruction sequences already contained in a running binary. ROP attacks are now used widely, bypassing many cyber defense mechanisms. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP attacks. We present a new approach that automatically rewrites potentially vulnerable software binaries into chronomorphic binaries that change their in-memory instructions and layout repeatedly, at runtime. We describe our proof-of-concept implementation of this approach, discuss its security and safety properties, provide statistical analyses of runtime diversity and reduced ROP attack likelihood, and present empirical results that demonstrate the low performance overhead of actual chronomorphic binaries.

Pages: 120 to 129

Copyright: Copyright (c) to authors, 2015. Used with permission.

Publication date: December 30, 2015

Published in: journal

ISSN: 1942-2636