Automated software diversity
By: Larsen, Per [author.].
Contributor(s): Brunthaler, Stefan [author.] | Davi, Lucas [author.] | Sadeghi, Ahmad-Reza [author.] | Franz, Michael [author.].
Material type: Book
Series: Synthesis digital library of engineering and computer science; Synthesis lectures on information security, privacy, and trust, # 14.
Publisher: San Rafael, California (1537 Fourth Street, San Rafael, CA 94901 USA) : Morgan & Claypool, 2016.
Description: 1 PDF (xi, 76 pages) : illustrations.
Content type: text
Media type: electronic
Carrier type: online resource
ISBN: 9781627057554.
Subject(s): Computer-aided software engineering | Computer security | Systems programming (Computer science) | Stochastic programming | software diversity | code randomization | data randomization | information leaks | leakage resilience | code reuse | exploitation
DDC classification: 005.1
Online resources: Abstract with links to resource
Also available in print.

Item type | Current location | Call number | Status | Date due | Barcode | Item holds |
---|---|---|---|---|---|---|
E books | PK Kelkar Library, IIT Kanpur | | Available | | EBKE675 | |
Mode of access: World Wide Web.
System requirements: Adobe Acrobat Reader.
Part of: Synthesis digital library of engineering and computer science.
Includes bibliographical references (pages 61-73).
1. Introduction -- 1.1 A brief history of program randomization -- 1.2 Book overview --
2. Attacking and defending -- 2.1 Taxonomy of attacks -- 2.1.1 Memory corruption attacks -- 2.1.2 Information leaks -- 2.1.3 Code injection -- 2.1.4 Code reuse -- 2.1.5 JIT attacks -- 2.1.6 Program tampering -- 2.1.7 Reverse engineering -- 2.2 Taxonomy of defenses -- 2.2.1 Enforcement-based defenses -- 2.2.2 Program integrity monitors -- 2.2.3 Diversity-based defenses -- 2.2.4 Program obfuscation --
3. What to diversify -- 3.1 Instruction level -- 3.2 Basic block level -- 3.3 Loop level -- 3.4 Function level -- 3.5 Program level -- 3.6 System level --
4. When to diversify -- 4.1 The software life cycle -- 4.2 Quantifying the impact of diversity -- 4.2.1 Security impact -- 4.2.2 Performance impact --
5. Case study: compile-time diversification -- 5.1 System description -- 5.1.1 Inserting NOP instructions -- 5.1.2 Equivalent instruction substitution -- 5.1.3 Instruction scheduling -- 5.2 Scalability of compile-time diversification -- 5.2.1 Cloud-based compilation -- 5.2.2 Scalability is practical -- 5.3 Evaluating diversification -- 5.3.1 Assessing diversification efficiency -- 5.3.2 Implementing survivor -- 5.4 Evaluating security -- 5.4.1 Frequently surviving gadgets -- 5.4.2 Determining optimal compiler parameters --
6. Information leakage resilience --
7. Advanced topics -- 7.1 Hybrid approaches -- 7.2 Error reports and patches -- Bibliography -- Authors' biographies.
Abstract freely available; full-text restricted to subscribers or individual document purchasers.
Compendex
INSPEC
Google scholar
Google book search
Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades' worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.
Title from PDF title page (viewed on December 29, 2015).