Chapter

Moving Target Defense

Volume 54 of the series Advances in Information Security pp 77-98

Compiler-Generated Software Diversity

  • Todd Jackson, Department of Computer Science, University of California
  • Babak Salamat, Department of Computer Science, University of California
  • Andrei Homescu, Department of Computer Science, University of California
  • Karthikeyan Manivannan, Department of Computer Science, University of California
  • Gregor Wagner, Department of Computer Science, University of California
  • Andreas Gal, Department of Computer Science, University of California
  • Stefan Brunthaler, Department of Computer Science, University of California
  • Christian Wimmer, Department of Computer Science, University of California
  • Michael Franz, Department of Computer Science, University of California

Abstract

Present approaches to software security are to a large extent reactive: when vulnerabilities are discovered, developers scramble to fix the underlying error. The advantage is on the side of the attackers because they only have to find a single vulnerability to exploit all vulnerable systems, while defenders have to prevent the exploitation of all vulnerabilities. We argue that the compiler is at the heart of the solution for this problem: when the compiler is translating high-level source code to low-level machine code, it is able to automatically diversify the machine code, thus creating multiple functionally equivalent, but internally different variants of a program. We present two orthogonal compiler-based techniques. With multi-variant execution, a monitoring layer executes several diversified variants in lockstep while examining their behavior for differences that indicate attacks. With massive-scale software diversity, every user gets its own diversified variant, so that the attacker has no knowledge about the internal structure of that variant and therefore cannot construct an attack. Both techniques make it harder for an attacker to run a successful attack. We discuss variation techniques that the compiler can utilize to diversify software, and evaluate their effectiveness for our two execution models.