Abstract
Moving target defenses have been proposed as a way to make it much more difficult for an attacker to exploit a vulnerable system by changing aspects of that system to present attackers with a varying attack surface. The hope is that constructing a successful exploit requires analyzing properties of the system, and that in the time it takes an attacker to learn those properties and construct the exploit, the system will have changed enough to disrupt the exploit’s functionality by the time it can be launched. This is a promising and appealing idea, but its security impact is not yet clearly understood. In this chapter, we argue that the actual benefits of the moving target approach are in fact often much less significant than one would expect. We present a model for thinking about dynamic diversity defenses, analyze the security properties of a few example defenses and attacks, and identify scenarios where moving target defenses are and are not effective.
Copyright information
© 2011 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Evans, D., Nguyen-Tuong, A., Knight, J. (2011). Effectiveness of Moving Target Defenses. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense. Advances in Information Security, vol 54. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-0977-9_2
DOI: https://doi.org/10.1007/978-1-4614-0977-9_2
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-0976-2
Online ISBN: 978-1-4614-0977-9
eBook Packages: Computer Science (R0)