Simulation based Evaluation of a Code Diversification Strategy

Brady Tello; Michael Winterrose; George Baah; Michael Zhivich

doi:10.5220/0005522200360043

Simulation based Evaluation of a Code Diversification Strategy

Brady Tello, Michael Winterrose, George Baah, Michael Zhivich

2015

Abstract

Periodic randomization of a computer program’s binary code is an attractive technique for defending against several classes of advanced threats. In this paper we describe a model of attacker-defender interaction in which the defender employs such a technique against an attacker who is actively constructing an exploit using Return Oriented Programming (ROP). In order to successfully build a working exploit, the attacker must guess the locations of several small chunks of program code (i.e., gadgets) in the defended program’s memory space. As the attacker continually guesses, the defender periodically rotates to a newly randomized variant of the program, effectively negating any gains the attacker made since the last rotation. Although randomization makes the attacker’s task more difficult, it also incurs a cost to the defender. As such, the defender’s goal is to find an acceptable balance between utility degradation (cost) and security (benefit). One way to measure these two competing factors is the total task latency introduced by both the attacker and any defensive measures taken to thwart him. We simulated a number of diversity strategies under various threat scenarios and present the measured impact on the defender’s task.

Download

Paper Citation

in Harvard Style

Tello B., Winterrose M., Baah G. and Zhivich M. (2015). Simulation based Evaluation of a Code Diversification Strategy . In Proceedings of the 5th International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH, ISBN 978-989-758-120-5, pages 36-43. DOI: 10.5220/0005522200360043

in Bibtex Style

@conference{simultech15,
author={Brady Tello and Michael Winterrose and George Baah and Michael Zhivich},
title={Simulation based Evaluation of a Code Diversification Strategy},
booktitle={Proceedings of the 5th International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH,},
year={2015},
pages={36-43},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005522200360043},
isbn={978-989-758-120-5},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH,
TI - Simulation based Evaluation of a Code Diversification Strategy
SN - 978-989-758-120-5
AU - Tello B.
AU - Winterrose M.
AU - Baah G.
AU - Zhivich M.
PY - 2015
SP - 36
EP - 43
DO - 10.5220/0005522200360043