Independence From Obfuscation: A Semantic Framework for Diversity

Independence From Obfuscation: A Semantic Framework for Diversity
Riccardo Pucella and Fred B. Schneider

Citation
Riccardo Pucella and Fred B. Schneider. "Independence From Obfuscation: A Semantic Framework for Diversity". Technical report, Cornell University, TR2006-2016, January, 2006.

Abstract
A set of replicas is diverse to the extent that all implement the same functionality but differ in their implementation details. Diverse replicas are less prone to having vulnerabilities in common, because attacks typically depend on memory layout and/or instruction-sequence specifics. Recent work advocates using mechanical means, such as program rewriting, to create such diversity. A correspondence between the specific transformations being employed and the attacks they defend against is often provided, but little has been said about the overall effectiveness of diversity per se in defending against attacks. With this broader goal in mind, we here give a precise characterization of attacks, applicable to viewing diversity as a defense, and also show how mechanically-generated diversity compares to a well-understood defense, strong typing.

Electronic downloads

Independence%20from%20Obfuscation%20Report.pdf · application/pdf · 340 kbytes

Citation formats

HTML

Riccardo Pucella and Fred B. Schneider. <a
href="http://www.truststc.org/pubs/34.html"
><i>Independence From Obfuscation: A Semantic
Framework for Diversity</i></a>, Technical
report,  Cornell University, TR2006-2016, January, 2006.

Plain text

Riccardo Pucella and Fred B. Schneider. "Independence
From Obfuscation: A Semantic Framework for Diversity".
Technical report,  Cornell University, TR2006-2016, January,
2006.

BibTeX

@techreport{PucellaSchneider06_IndependenceFromObfuscationSemanticFrameworkForDiversity,
    author = {Riccardo Pucella and Fred B. Schneider},
    title = {Independence From Obfuscation: A Semantic
              Framework for Diversity},
    institution = {Cornell University},
    number = {TR2006-2016},
    month = {January},
    year = {2006},
    abstract = {A set of replicas is diverse to the extent that
              all implement the same functionality but differ in
              their implementation details. Diverse replicas are
              less prone to having vulnerabilities in common,
              because attacks typically depend on memory layout
              and/or instruction-sequence specifics. Recent work
              advocates using mechanical means, such as program
              rewriting, to create such diversity. A
              correspondence between the specific
              transformations being employed and the attacks
              they defend against is often provided, but little
              has been said about the overall effectiveness of
              diversity per se in defending against attacks.
              With this broader goal in mind, we here give a
              precise characterization of attacks, applicable to
              viewing diversity as a defense, and also show how
              mechanically-generated diversity compares to a
              well-understood defense, strong typing.},
    URL = {http://www.truststc.org/pubs/34.html}
}

Posted by Amy D. Fish on 17 Feb 2006.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.