Advertisement

Effectiveness of Moving Target Defenses

  • David EvansEmail author
  • Anh Nguyen-Tuong
  • John Knight
Chapter
Part of the Advances in Information Security book series (ADIS, volume 54)

Abstract

Moving target defenses have been proposed as a way to make it much more difficult for an attacker to exploit a vulnerable system by changing aspects of that system to present attackers with a varying attack surface. The hope is that constructing a successful exploit requires analyzing properties of the system, and that in the time it takes an attacker to learn those properties and construct the exploit, the system will have changed enough by the time the attacker can launch the exploit to disrupt the exploit’s functionality. This is a promising and appealing idea, but its security impact is not yet clearly understood. In this chapter, we argue that the actual benefits of the moving target approach are in fact often much less significant than one would expect. We present a model for thinking about dynamic diversity defenses, analyze the security properties of a few example defenses and attacks, and identify scenarios where moving target defenses are and are not effective.

Keywords

Dynamic Diversity Attack Strategy Injection Attack Probe Packet Brute Force Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Alexander Peslyak (Solar Designer). Return-to-libc Attack. Bugtraq Mailing List, August 1997.Google Scholar
  2. 2.
    Emery D. Berger and Benjamin G. Zorn. DieHard: Probabilistic Memory Safety for Unsafe Languages. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2006.Google Scholar
  3. 3.
    Sandeep Bhatkar, Daniel DuVarney, and R. Sekar. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In USENIX Security Symposium, 2003.Google Scholar
  4. 4.
    StephenW. Boyd, Gaurav S. Kc, Michael E. Locasto, Angelos D. Keromytis, and Vassilis Prevelakis. On The General Applicability of Instruction-Set Randomization. IEEE Transactions on Dependable and Secure Computing, 7(3), 2010.Google Scholar
  5. 5.
    Kevin Brown. Balls In Bins with Limited Capacity. http://www.mathpages.com/ home/kmath337.htm.
  6. 6.
    Brian X. Chen. Apple’s Snow Leopard Is Less Secure Than Windows, But Safer. Wired, September 2009.Google Scholar
  7. 7.
    Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer. Non-Control- Data Attacks Are Realistic Threats. In USENIX Security Symposium, 2005.Google Scholar
  8. 8.
    Crispin Cowan, Steve Beattie, John Johansen, and PerryWagle. PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities. In 12th USENIX Security Symposium, 2003.Google Scholar
  9. 9.
    Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill,Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. N-Variant Systems: A Secretless Framework for Security through Diversity. In USENIX Security Symposium, 2006.Google Scholar
  10. 10.
    Cristian Cadar and Periklis Akritidis and Manuel Costa and Jean-Phillipe Martin and Miguel Castro. Data Randomization. Technical Report TR-120-2008, Microsoft Research, 2008.Google Scholar
  11. 11.
    Tyler Durden. Bypassing PaX ASLR protection. http://www.phrack.com/issues.html?issue=59\&id=9/, 2009.
  12. 12.
    Elena Gabriela Barrantes and David Ackley and Stephanie Forrest and Trek Palmer and Darko Stefanovic and Dino Dai Zovi. Intrusion Detection: Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks. In 10th ACM Conference on Computer and Communications Security (CCS), 2003.Google Scholar
  13. 13.
    Elena Gabriela Barrantes and David H. Ackley and Stephanie Forrest and Darko Stefanovic. Randomized Instruction Set Emulation. ACM Transactions on Information and System Security, February 2005.Google Scholar
  14. 14.
    Gaurav S. Kc and Angelos D. Keromytis and Vassilis Prevelakis. Countering Code-Injection Attacks with Instruction-Set Randomization. In 10th ACM Conference on Computer and Communications Security (CCS), 2003.Google Scholar
  15. 15.
    Sudhakar Govindavajhala and Andrew W. Appel. Using Memory Errors to Attack a Virtual Machine. In IEEE Symposium on Security and Privacy (Oakland), 2003.Google Scholar
  16. 16.
    Norman Hardy. The Confused Deputy (or why capabilities might have been invented). ACM SIGOPS Operating Systems Review, 22(4), October 1988.Google Scholar
  17. 17.
    David Holland, Ada Lim, and Margo Seltzer. An Architecture A Day Keeps The Hacker Away. In Workshop on Architectural Support for Security and Anti-Virus, April 2004.Google Scholar
  18. 18.
    Kubuntu Wiki. Supported Position Independent Executables. https://wiki.kubuntu. org/SecurityTeam/KnowledgeBase/BuiltPIE, 2011.
  19. 19.
    Microsoft Corporation. Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution. http://www.microsoft.com/ technet/security/advisory/961051.mspx, December 2008.
  20. 20.
    Tilo M¨uller. ASLR Smack and Laugh Reference. Seminar on Advanced Exploitation Techniques, February 2008.Google Scholar
  21. 21.
    Ryan Naraine. Adobe PDF Exploits Using Signed Certificates, Bypasses ASLR/DEP. ZDNet Zero Day, September 2010.Google Scholar
  22. 22.
    Anh Nguyen-Tuong, David Evans, John C. Knight, Benjamin Cox, and Jack W. Davidson. Security through Redundant Data Diversity. In IEEE/IFPF International Conference on Dependable Systems and Networks, June 2008.Google Scholar
  23. 23.
    Anh Nguyen-Tuong, Andrew Wang, Jason D. Hiser, John C. Knight, and Jack W. Davidson. On the effectiveness of the metamorphic shield. In Proceedings of the Fourth European Conference on Software Architecture: Companion Volume, ECSA ’10, pages 170–174, New York, NY, USA, 2010. ACM.Google Scholar
  24. 24.
    Pratap V. Prahbu and Yingbo Song and Salvatore J. Stolfo. Smashing the Stack with Hydra: The Many Heads of Advanced Polymorphic Shellcode. Technical Report CUCS-037-09, Columbia University, August 2009.Google Scholar
  25. 25.
    Rapid7 LLC. Metasploit. http://www.metasploit.com/, 2003–2011.
  26. 26.
    Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn. Nozzle: A Defense Against Heap-spraying Code Injection Attacks. In USENIX Security Symposium, 2009.Google Scholar
  27. 27.
    Babak Salamat, Andreas Gal, and Michael Franz. Reverse Stack Execution in a Multi-Variant Execution Environment. In Workshop on Compiler and Architectural Techniques for Application Reliability and Security, June 2008.Google Scholar
  28. 28.
    Babak Salamat, Todd Jackson, Andreas Gal, and Michael Franz. Orchestra: Intrusion Detection using Parallel Execution and Monitoring of Program Variants in User-Space. In ACM European Conference on Computer Systems (EuroSys), 2009.Google Scholar
  29. 29.
    Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In ACM Conference on Computer and Communications Security (CCS), CCS ’04, pages 298–307, New York, NY, USA, 2004. ACM.Google Scholar
  30. 30.
    Alexander Sotirov. Heap Feng Shui in JavaScript. http://www.blackhat. com/presentations/bh-europe-07/Sotirov/Presentation/ bh-eu-07-sotirov-apr19.pdf, 2007.
  31. 31.
    Ana Nora Sovarel, David Evans, and Nathanael Paul. Where’s the feeb? the effectiveness of instruction set randomization. In 14th USENIX Security Symposium, Berkeley, CA, USA, 2005. USENIX Association.Google Scholar
  32. 32.
    Stephanie Forrest and Anil Somayaji and David Ackley. Building Diverse Computer Systems. In Hot Topics in Operating Systems, 1997.Google Scholar
  33. 33.
    Stephen W. Boyd and Angelos D. Keromytis. SQLrand: Preventing SQL Injection Attacks. In Applied Cryptography and Network Security (ACNS), 2004.Google Scholar
  34. 34.
    Raoul Strackx, Yves Younan, Pieter Philippaerts, Frank Piessens, Sven Lachmund, and Thomas Walter. Breaking the Memory Secrecy Assumption. In Second European Workshop on System Security, 2009.Google Scholar
  35. 35.
    PaX Team. PaX Homepage. http://pax.grsecurity.net/, 2000.
  36. 36.
    Wei Hu and Jason Hiser and DanWilliams and Adrian Filipi and JackW. Davidson and David Evans and John C. Knight and Anh Nguyen-Tuong and Jonathan Rowanhill. Secure and Practical Defense Against Code-injection Attacks Using Software Dynamic Translation. In Second International Conference on Virtual Execution Environments, 2006.Google Scholar
  37. 37.
    Yoav Weiss and Elena Gabriela Barrantes. Known/Chosen Key Attacks against Software Instruction Set Randomization. In Annual Computer Security Applications Conference (ACSAC), 2006.Google Scholar
  38. 38.
    Berend-Jan “SkyLined” Wever. MS Internet Explorer (IFRAME Tag) Buffer Overflow Exploit. http://www.exploit-db.com/exploits/612/, 2004.

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. 1.University of VirginiaCharlottesvilleUSA

Personalised recommendations