Wide application security by low-level program code obfuscation techniques

The goal of our research project is to protect security of applications and software systems in a whole new way: by diversifying implementations of all the software layers and their interfaces on the binary level. The system call interface of the operating system is diversified uniquely for each system and all the entry points to this interface are diversified in applications and libraries accordingly. Moreover, the diversification in the library level is transitive. Malware that uses prior knowledge about existing interfaces in an operating system is now rendered useless because of diversification. All in all, our diversification based solution is a proactive solution against the prevailing operating system monoculture. The research project provided a proofof-concept implementation for Linux. Our solution does not aim at removing the possible existence of security holes in Linux but rather making it infeasible to deliver effective malware through such security holes into the operating system environment.