Software Security through Targeted Diversification
نویسندگان
چکیده
Despite current software protection techniques, applications are still analysed, tampered with, and abused on a large scale. Crackers compensate for each new protection technique by adapting their analysis and tampering tools. This paper presents a low-cost mechanism to effectively protect software against global tampering attacks. By introducing diversity per programme instance, we illustrate how to defeat various patching methods using inlined code snippets. We propose an efficient technique for creating the snippets based on genetic programming ideas, and illustrate how our approach might trigger a small-scale arms race between defending and attacking parties, each forced to evolve in order to “stay in the game”.
منابع مشابه
Wide application security by low-level program code obfuscation techniques
The goal of our research project is to protect security of applications and software systems in a whole new way: by diversifying implementations of all the software layers and their interfaces on the binary level. The system call interface of the operating system is diversified uniquely for each system and all the entry points to this interface are diversified in applications and libraries acco...
متن کاملImproved Kernel Security Through Code Validation, Diversification, and Minimization
Stanley, Dannie M. Ph.D., Purdue University, December 2013. Improved Kernel Security Through Code Validation, Diversification, and Minimization. Major Professors: Eugene H. Spafford and Dongyan Xu. The vast majority of hosts on the Internet, including mobile clients, are running one of three commodity, general-purpose operating system families. In such operating systems the kernel software exec...
متن کاملInformation Security Risk Management
The increasing dependence on information networks for business operations has focused managerial attention on managing risks posed by failure of these networks. In this paper, we develop models to assess the risk of failure on the availability of an information network due to attacks that exploit software vulnerabilities. Software vulnerabilities arise from software installed on the nodes of th...
متن کاملCloud Implications on Software Network Structure and Security Risks
B software vendors offering, via the cloud, software-as-a-service (SaaS) versions of traditionally on-premises application software, security risks associated with usage become more diversified. This can greatly increase the value associated with the software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we constr...
متن کاملLivelihood Diversification among the Agricultural Land Scarce Peasants in the Central Highlands of Ethiopia
This article examines the livelihood strategies of land scarce peasants in Ethiopian. Land scarce peasants have a limited livelihood security on a sustainable manner and bypassed by major development programmes. The study was centred on two sets of rationales. First, for those peasants who do not have sufficient farmland, agriculture provides only a limited portion of households’ livelihood...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007