Automated Software Diversity PDF Download

Automated Software Diversity PDF Author: Per Larsen
Publisher: Springer Nature
ISBN: 3031023463
Category : Computers
Languages : en
Pages : 76

Book Description
Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades' worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.

Defeating memory error exploits using automated software diversity

Defeating memory error exploits using automated software diversity PDF Author:
Publisher:
ISBN:
Category :
Languages : en
Pages :

Book Description
Defeating memory error exploits using automated software diversity.

Software Engineering for Resilient Systems

Software Engineering for Resilient Systems PDF Author: Alessandro Fantechi
Publisher: Springer
ISBN: 3319231294
Category : Computers
Languages : en
Pages : 145

Book Description
This book constitutes the refereed proceedings of the 7th International Workshop on Software Engineering for Resilient Systems, SERENE 2015, held in Paris, France, in September 2015. The 10 revised technical papers presented were carefully reviewed and selected from 18 submissions. The papers are organized in topical sections on development of resilient systems, verification, validation and evaluation of resilience, case studies and applications.

Defeating Memory Error Exploits Using Automated Software Diversity

Defeating Memory Error Exploits Using Automated Software Diversity PDF Author:
Publisher:
ISBN:
Category :
Languages : en
Pages :

Book Description


Data and Applications Security and Privacy XXXIII

Data and Applications Security and Privacy XXXIII PDF Author: Simon N. Foley
Publisher: Springer
ISBN: 3030224791
Category : Computers
Languages : en
Pages : 419

Book Description
This book constitutes the refereed proceedings of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2019, held in Charleston, SC, USA, in July 2018. The 21 full papers presented were carefully reviewed and selected from 52 submissions. The papers present high-quality original research from academia, industry, and government on theoretical and practical aspects of information security. They are organized in topical sections on attacks, mobile and Web security, privacy, security protocol practices, distributed systems, source code security, and malware.

Enhancing and Extending Software Diversity

Enhancing and Extending Software Diversity PDF Author: Stephen Crane
Publisher:
ISBN: 9781321995763
Category :
Languages : en
Pages : 146

Book Description
Software immunity through diversity is a promising research direction. Address Space Layout Randomization has been widely deployed to defend against code-reuse attacks and significantly raises the bar for attackers. However, automated software diversity is still exploitable by adroit and adaptable adversaries. Using powerful memory disclosure attacks, offensive researchers have demonstrated weaknesses in conventional randomization techniques. In addition, current defenses are largely passive and allow attackers to continuously brute-force randomized defenses with little impediment. Building on the foundation of automated software diversity, we propose novel techniques to strengthen the security and broaden the impact of code randomization. We first discuss software booby traps, a new active defense technique enabled by randomized program contents. We then propose, implement, and evaluate a comprehensive randomization-based system, Readactor++, which is resilient to all types of memory disclosure attacks. Readactor++ enforces execute-only memory protections on commodity x86 processors, thus preventing direct disclosure of randomized code. We also identify the indirect disclosure attack, a new class of code leakage via data disclosure, and mitigate this attack as well. By integrating booby traps into our system, we protect against brute-force memory disclosure attempts. In our evaluation we find that Readactor++ compares favorably to other memory-disclosure resilient code-reuse defenses and that it scales effectively to complex, real-world software. Finally, we propose a novel extension of code randomization to mitigate side-channel rather than code-reuse attacks. Using control-flow diversity, a novel control-flow transformation, we introduce dynamic behavior into program side effects with fast, static code. As an example, we apply this technique to mitigate an AES cache side-channel attack. 
With our techniques, software diversity can now be efficiently secured against advanced attacks, including memory disclosure and function table reuse, and is adaptable to combat new classes of threats, such as side-channel attacks.

Anti-fragile ICT Systems

Anti-fragile ICT Systems PDF Author: Kjell Jørgen Hole
Publisher: Springer
ISBN: 3319300709
Category : Computers
Languages : en
Pages : 151

Book Description
This book introduces a novel approach to the design and operation of large ICT systems. It views the technical solutions and their stakeholders as complex adaptive systems and argues that traditional risk analyses cannot predict all future incidents with major impacts. To avoid unacceptable events, it is necessary to establish and operate anti-fragile ICT systems that limit the impact of all incidents, and which learn from small-impact incidents how to function increasingly well in changing environments. The book applies four design principles and one operational principle to achieve anti-fragility for different classes of incidents. It discusses how systems can achieve high availability, prevent malware epidemics, and detect anomalies. Analyses of Netflix’s media streaming solution, Norwegian telecom infrastructures, e-government platforms, and Numenta’s anomaly detection software show that cloud computing is essential to achieving anti-fragility for classes of events with negative impacts.

The Diversity Scorecard

The Diversity Scorecard PDF Author: Edward Hubbard
Publisher: Routledge
ISBN: 1136358323
Category : Business & Economics
Languages : en
Pages : 256

Book Description
'The Diversity Scorecard' is designed to provide step-by-step instructions, worksheets and examples to help diversity executives and managers analyze and track the impact of their diversity initiatives to mobilize the organization for strategic culture change. Diversity is not a program; it is a systemic process of organizational change that requires measurement for organizational improvement and success. Measuring the progress and results of diversity initiatives is a key strategic requirement to demonstrate its contribution to organizational performance. Diversity executives, professionals and managers know they must begin to show how diversity is linked to the bottom-line in hard numbers or they will have difficulty maintaining funds, gaining support, and obtaining resources to generate progress. Many organizations collect some type of diversity-related data today, even if it focuses only on Affirmative Action statistics. "The Diversity Scorecard" focuses on tools and techniques to make sure diversity professionals are collecting and measuring the right type of data that will help ensure the organization's success both now and in the future. This book helps the reader spend some time thinking about what they currently measure and adding new measures to a database to track progress towards their diversity vision. The basic premises of this book are that it is important to develop measures that focus on the past, present, and future; and that measures need to consider the needs of the organization's diverse workforce, its work climate, diverse customers, the community, and shareholders. Part I of "The Diversity Scorecard" identifies the need for diversity measurement highlighting a business case for diversity and providing an introduction to diversity measurement. Part II of the book outlines the diversity return on investment (DROI) process taking you through step-by-step processes and techniques.
Part III teaches you how to use measures in six key categories - Diversity Leadership Commitment, Workforce Profile Representation, Workplace Climate, Learning & Growth, Diverse Customer / Community Partnerships, and Financial Impact - to build a diversity scorecard that is aligned and linked with the business strategy of the organization. Finally, in Part IV, Dr. Hubbard discusses implementation issues involving strategic change procedures and techniques to avoid the pitfalls inherent in a diversity-based cultural transition process.

Securing Statically and Dynamically Compiled Programs Using Software Diversity

Securing Statically and Dynamically Compiled Programs Using Software Diversity PDF Author: Andrei Homescu
Publisher:
ISBN: 9781321964363
Category :
Languages : en
Pages : 113

Book Description
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus on automated software diversity. This is a promising area of research, as diversity attacks one cause of code reuse attacks: the software monoculture. Software diversity raises the costs of an attack by providing users with different variations of the same program. However, modern software diversity implementations are still vulnerable to certain threats: code disclosure attacks and attacks targeted at JIT (just-in-time) compilers for dynamically compiled languages. In this dissertation, we address the pressing problem of building secure systems out of programs written in unsafe languages. Specifically, we use software diversity to present attackers with an unpredictable attack surface. This dissertation contributes new techniques that improve the security, efficiency, and coverage of software diversity. We discuss three practical aspects of software diversity deployment: (i) performance optimization using profile guided code randomization, (ii) transparent code randomization for JIT compilers, and (iii) code hiding support for JIT compilers. We make the following contributions: we show a generic technique to reduce the runtime cost of software diversity, describe the first technique that diversifies the output of JIT compilers and requires no source code changes to the JIT engine, and contribute new techniques to prevent disclosure of diversified code. Specifically, we demonstrate how to switch between execute-only and read-write page permissions to efficiently and comprehensively prevent JIT-oriented exploits. Our in-depth performance and security evaluation shows that software diversity can be efficiently implemented with low overhead (as low as 1% for profile-guided NOP insertion and 7.8% for JIT code hiding) and is an effective defense against a large class of code reuse and code disclosure attacks.

The State of the Art in Intrusion Prevention and Detection

The State of the Art in Intrusion Prevention and Detection PDF Author: Al-Sakib Khan Pathan
Publisher: CRC Press
ISBN: 1482203510
Category : Computers
Languages : en
Pages : 514

Book Description
The State of the Art in Intrusion Prevention and Detection analyzes the latest trends and issues surrounding intrusion detection systems in computer networks, especially in communications networks. Its broad scope of coverage includes wired, wireless, and mobile networks; next-generation converged networks; and intrusion in social networks. Presenting cutting-edge research, the book presents novel schemes for intrusion detection and prevention. It discusses tracing back mobile attackers, secure routing with intrusion prevention, anomaly detection, and AI-based techniques. It also includes information on physical intrusion in wired and wireless networks and agent-based intrusion surveillance, detection, and prevention. The book contains 19 chapters written by experts from 12 different countries that provide a truly global perspective. The text begins by examining traffic analysis and management for intrusion detection systems. It explores honeypots, honeynets, network traffic analysis, and the basics of outlier detection. It talks about different kinds of IDSs for different infrastructures and considers new and emerging technologies such as smart grids, cyber physical systems, cloud computing, and hardware techniques for high performance intrusion detection. The book covers artificial intelligence-related intrusion detection techniques and explores intrusion tackling mechanisms for various wireless systems and networks, including wireless sensor networks, WiFi, and wireless automation systems. Containing some chapters written in a tutorial style, this book is an ideal reference for graduate students, professionals, and researchers working in the field of computer and network security.