Compiler-Generated Software Diversity
Todd Jackson, Babak Salamat, Andrei Homescu, Karthikeyan Manivannan, Gregor Wagner, Andreas Gal, Stefan Brunthaler, Christian Wimmer, Michael Franz: Compiler-Generated Software Diversity. In Sushil Jajodia, Anup Ghosh, Vipin Swarup, Cliff Wang, X. Sean Wang (Editors), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Advances in Information Security 54, Springer-Verlag, 2011. ISBN: 978-1-4614-0976-2 doi:10.1007/978-1-4614-0977-9_4Buy online from Amazon.
Abstract
Present approaches to software security are to a large extent reactive: when vulnerabilities are discovered, developers scramble to fix the underlying error. The advantage is on the side of the attackers because they only have to find a single vulnerability to exploit all vulnerable systems, while defenders have to prevent the exploitation of all vulnerabilities. We argue that the compiler is at the heart of the solution for this problem: when the compiler is translating high-level source code to low-level machine code, it is able to automatically diversify the machine code, thus creating multiple functionally equivalent, but internally different variants of a program. We present two orthogonal compiler-based techniques. With multi-variant execution, a monitoring layer executes several diversified variants in lockstep while examining their behavior for differences that indicate attacks. With massive-scale software diversity, every user gets its own diversified variant, so that the attacker has no knowledge about the internal structure of that variant and therefore cannot construct an attack. Both techniques make it harder for an attacker to run a successful attack. We discuss variation techniques that the compiler can utilize to diversify software, and evaluate their effectiveness for our two execution models.