End-to-End Software Diversification of Internet Services
Software diversification has been approached as a tool to provide security guarantees for programs that lack type safety (e.g., programs written in C). In this setting, diversification operates by changing the memory layout of program code or data and by changing the syntax of program code. These techniques succeed as a defense against an attacker's use of type-safety vulnerabilities (e.g., buffer overflows) because they randomize the key elements necessary to a successful low-level intrusion (memory addresses and memory contents). This chapter proposes to extend software diversification from a point technique, applied to hand-picked aspects of a single program, to a comprehensive technique applied by default to all components of an application. Internet services are used as the focused example here.
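As an added illustration of the "changing the syntax of program code" form of diversification (example code written for this page, not the chapter's own), the Python below applies keyword randomization to a toy query language: trusted query templates are rewritten with a per-deployment key, and a proxy in front of the database refuses any keyword that arrives without that key's tag, so an injected payload written in the standard syntax is rejected. The keyword set, the HMAC-based tag derivation and the sample query are assumptions constructed for the demonstration.

```python
# Toy keyword randomization (constructed illustration, not the chapter's code):
# trusted templates are rewritten with a per-deployment key; a proxy refuses
# any keyword that reaches it without the key's tag.
import hashlib
import hmac
import re

KEYWORDS = ("SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "DROP")
# Identifier-like tokens or runs of anything else, so "".join() restores the text.
TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*|[^A-Za-z_]+")

def keyword_tag(key: bytes, keyword: str) -> str:
    # Per-deployment tag; unguessable without the key.
    return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()[:8]

def randomize(template: str, key: bytes) -> str:
    # Build/deploy-time step: diversify every keyword of a trusted template.
    return "".join(
        f"{tok}_{keyword_tag(key, tok.upper())}" if tok.upper() in KEYWORDS else tok
        for tok in TOKEN.findall(template)
    )

def derandomize(query: str, key: bytes) -> str:
    # Proxy step: restore standard syntax, reject keywords lacking a valid tag.
    out = []
    for tok in TOKEN.findall(query):
        base, _, tag = tok.rpartition("_")
        if base.upper() in KEYWORDS and tag and hmac.compare_digest(
            tag, keyword_tag(key, base.upper())
        ):
            out.append(base)
        elif tok.upper() in KEYWORDS:
            # Standard spelling reached the proxy: it came from untrusted input.
            raise ValueError(f"undiversified keyword {tok!r}: possible injection")
        else:
            out.append(tok)
    return "".join(out)

def run_query(template: str, user_value: str, key: bytes) -> str:
    # The application fills the diversified template with untrusted input;
    # returns the text the database receives once the proxy accepts it.
    return derandomize(randomize(template, key).replace("{}", user_value), key)

def injection_rejected(template: str, user_value: str, key: bytes) -> bool:
    # True when the proxy refuses the query built from user_value.
    try:
        run_query(template, user_value, key)
        return False
    except ValueError:
        return True
```

In a real deployment the key would be generated fresh per instance (e.g. with `secrets.token_bytes`) and never reach the component that handles untrusted input.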