Effectiveness of Moving Target Defenses
Moving target defenses have been proposed as a way to make it much more difficult for an attacker to exploit a vulnerable system by changing aspects of that system to present attackers with a varying attack surface. The hope is that constructing a successful exploit requires analyzing properties of the system, and that by the time an attacker has learned those properties and constructed the exploit, the system will have changed enough to disrupt the exploit's functionality. This is a promising and appealing idea, but its security impact is not yet clearly understood. In this chapter, we argue that the actual benefits of the moving target approach are in fact often much less significant than one would expect. We present a model for thinking about dynamic diversity defenses, analyze the security properties of a few example defenses and attacks, and identify scenarios where moving target defenses are and are not effective.
Keywords: Dynamic Diversity, Attack Strategy, Injection Attack, Probe Packet, Brute Force Attack
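As an added illustration of the kind of model the chapter describes (this code is not from the chapter), the following Python compares the expected number of probes a brute-force attacker needs to guess an n-way randomized secret (a randomized address, key, or port) when the secret stays fixed for the whole attack versus when the system re-randomizes it after every probe. The function names and the sweeping attacker strategy are my assumptions; the point it makes is that re-randomization only raises the expected cost from about n/2 to n, a factor of at most 2.

```python
import random


def expected_probes_static(n_values):
    """Secret fixed; attacker tries each of the n candidates once.
    Success position is uniform on 1..n, so the mean is (n + 1) / 2."""
    return (n_values + 1) / 2


def expected_probes_rerandomized(n_values):
    """Secret re-drawn after every failed probe; each probe succeeds with
    probability 1/n regardless of strategy, so the count is geometric
    with mean n."""
    return float(n_values)


def diversity_gain(n_values):
    """Ratio of attacker effort with re-randomization to effort without.
    Equals 2n / (n + 1), which tends to 2 as n grows: the moving target
    at most doubles brute-force cost."""
    return expected_probes_rerandomized(n_values) / expected_probes_static(n_values)


def simulate_mean_probes(n_values, rerandomize, trials=20000, seed=1):
    """Monte Carlo check of the two formulas. The attacker sweeps the
    candidate space in order; the defender optionally re-draws the secret
    after each failed probe (the moving-target behaviour)."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    total = 0
    for _ in range(trials):
        secret = rng.randrange(n_values)
        probes = 0
        while True:
            guess = probes % n_values
            probes += 1
            if guess == secret:
                break
            if rerandomize:
                secret = rng.randrange(n_values)
        total += probes
    return total / trials


if __name__ == "__main__":
    n = 256  # e.g. 8 bits of randomness in the secret
    print("static   :", expected_probes_static(n), simulate_mean_probes(n, False))
    print("rerandom :", expected_probes_rerandomized(n), simulate_mean_probes(n, True))
    print("gain     :", diversity_gain(n))
```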