Feedback-driven binary code diversification

Coppens, Bart; Sutter, Bjorn De; Maebe, Jonas

doi:10.1145/2400682.2400683

Cited by 25 publications

(15 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Artificial software diversity, like its biological counterpart, is a highly flexible and efficient defense mechanism. Code injection, code reuse, and reverse engineering attacks are all significantly harder against diversified software ([1], [2], [3], [4], [5], [6], [7], [8]). We propose to extend software diversity to protect against side-channel attacks, in particular cache side channels.…”

Section: Motivationmentioning

confidence: 99%

“…However, the granularity of randomization in these approaches is quite coarse, potentially allowing an attacker to observe the program uninterrupted for long enough to carry out a successful side-channel attack. We avoid this problem by extending techniques used to prevent reverse engineering such as code replication and control-flow randomization ( [12], [7]). Unlike these approaches, however, we replicate code at a finer grained level and produce a nearly unlimited number of runtime paths by randomly switching between these replicas.…”

Section: Motivationmentioning

confidence: 99%

“…While opaque predicates usually refer to predicates that have a known outcome at obfuscation time but are expensive to decide afterward via static analysis, Collberg et al also mention "variable" opaque predicates that flip-flop between true and false at runtime. These ideas were evaluated in depth by Anckaert et al [12] as a defense against reverse engineering, by Collberg et al [8] in context of client-side tampering of networked systems, and by Coppens et al [7] to prevent reverse engineering of patches. Our work differs in its use of control flow randomization: we use it to switch among implementation variants (replicas) with fine-granularity-not as a randomizing transformation in itself.…”

Section: B Artificial Software Diversitymentioning

confidence: 99%

See 2 more Smart Citations

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Crane¹,

Homescu²,

Brunthaler

et al. 2015

Proceedings 2015 Network and Distributed System Security Symposium

127

View full text Add to dashboard Cite

We explore software diversity as a defense against side-channel attacks by dynamically and systematically randomizing the control flow of programs. Existing software diversity techniques transform each program trace identically. Our diversity based technique instead transforms programs to make each program trace unique. This approach offers probabilistic protection against both online and off-line side-channel attacks.

show abstract

Section: Motivationmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

Section: B Artificial Software Diversitymentioning

confidence: 99%

See 1 more Smart Citation

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Crane¹,

Homescu²,

Brunthaler

et al. 2015

Proceedings 2015 Network and Distributed System Security Symposium

127

View full text Add to dashboard Cite

show abstract

“…Taking countermeasures in a link-time rewriter like Diablo [11] is trivial, as already demonstrated in the context of software diversification [14]. Mixing unrelated code can be done at any level of granularity, because all code is represented in one big CFG [11], from which binary code in virtually any (randomized) order can be generated.…”

Section: Code Layout Randomizationmentioning

confidence: 98%

Obfuscated integration of software protections

Broeck

Coppens

Sutter

2020

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

To counter man-at-the-end attacks such as reverse engineering and tampering, software is often protected with techniques that require support modules to be linked into the application. It is well-known, however, that attackers can exploit the modular nature of applications and their protections to speed up the identification and comprehension process of the relevant code, the assets, and the applied protections. To counter that exploitation of modularity at different levels of granularity, the boundaries between the modules in the program need to be obfuscated. We propose to do so by combining three cross-boundary protection techniques that thwart the disassembly process and in particular the reconstruction of functions: code layout randomization, interprocedurally coupled opaque predicates, and code factoring with intraprocedural control flow idioms. By means of an elaborate experimental evaluation and an extensive sensitivity analysis on realistic use cases and state-of-the-art tools, we demonstrate our technique's potency and resilience to advanced attacks. All relevant code is publicly available online.

show abstract

“…Anckaert et al do not tackle the problem of measuring the diversity among the different versions, which is necessary for performing a diversity evaluation. Coppens et al [9] apply binary diversification changing a random seed and they iteratively compare it with the previous one till they get a new version different enough from the previous version; however they search just one version, and not the best subset of versions like in our approach. Diversity has also been applied to improve security in different research lines: code randomization has been used to defend against code-reuse attacks [26], returnoriented programming attacks [15], code injection attacks [29].…”

Section: Related Workmentioning

confidence: 99%

Search Based Clustering for Protecting Software with Diversified Updates

Ceccato

Falcarin

Cabutto

et al. 2016

Search Based Software Engineering

View full text Add to dashboard Cite

Reverse engineering is usually the stepping stone of a variety of attacks aiming at identifying sensitive information (keys, credentials, data, algorithms) or vulnerabilities and flaws for broader exploitation. Software applications are usually deployed as identical binary code installed on millions of computers, enabling an adversary to develop a generic reverse-engineering strategy that, if working on one code instance, could be applied to crack all the other instances. A solution to mitigate this problem is represented by Software Diversity, which aims at creating several structurally different (but functionally equivalent) binary code versions out of the same source code, so that even if a successful attack can be elaborated for one version, it should not work on a diversified version. In this paper, we address the problem of maximizing software diversity from a search-based optimization point of view. The program to protect is subject to a catalogue of transformations to generate many candidate versions. The problem of selecting the subset of most diversified versions to be deployed is formulated as an optimisation problem, that we tackle with different search heuristics. We show the applicability of this approach on some popular Android apps.

show abstract

Feedback-driven binary code diversification

Cited by 25 publications

References 31 publications

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Obfuscated integration of software protections

Search Based Clustering for Protecting Software with Diversified Updates

Contact Info

Product

Resources

About