Run-Time Randomization to Mitigate Tampering
نویسندگان
چکیده
The problem of defending software against tampering by a malicious host is not expected to be solved soon. Rather than trying to defend against the first attack, randomization tries to minimize the impact of a successful attack. Unfortunately, widespread adoption of this technique is hampered by its incompatibility with the current software distribution model, which requires identical physical copies. The ideas presented in this paper are a compromise between distributing identical copies and unique executions by diversifying at run time, based upon additional chaff input and variable program state. This makes it harder to zoom in on a point of interest and may fool an attacker into believing that he has succeeded, while the attack will work only for a short period of time, a small number of computers, or a subset of the input space.
منابع مشابه
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effectively mitigate code reuse attacks. However, a recent attack strategy, dubbed just-in-time return oriented programming (JIT-ROP), circumvents code randomization by disclosing the (randomized) content of many memory pages at runtime. In order to remedy this situation, new and improved code randomi...
متن کاملHardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
The widespread use of memory unsafe programming languages (e.g., C and C++), especially in embedded systems and the Internet of Things (IoT), leaves many systems vulnerable to memory corruption attacks. A variety of defenses have been proposed to mitigate attacks that exploit memory errors to hijack the control flow of the code at run-time, e.g., (fine-grained) ASLR or Control Flow Integrity (C...
متن کاملEnhanced Passive copy – paste Tampering Detection Technique for Digital Images
Digital images are powerful and widely used communication medium in many fields like medical imaging, digital forensics, surveillance, journalism, etc. The availability of sophisticated digital image technology has given rise to image forgery. The forgeries are very difficult for a human eye to detect. Passive tampering detection method aims to detect the tampering areas in the digital images w...
متن کاملChaos for a Fast, Secure, and Predictable Future
Violating a program’s semantics for fun and profit is a time honored hacker tradition. Compilers defend against such fiends by inserting run-time checks to enforce semantic safety properties. Safe language compilers insert type checks for down-casts, information flow compilers [11] add run-time checks to prevent information leakage, and tools like SAFECode [8], WIT [1], and DFI [6] insert run-t...
متن کاملAvoid Powerful Tampering by Malicious Host
This paper indicates a potential security threat which may do harm to distributed computing security. As the program is distributed to run in the remote nodes, adversary may use simulator to produce false results to do tampering. Some sophisticated simulator can give powerful tampering ability to adversary, with the reason explained in this paper. In order to solve this security problem, Real P...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007