Affiliations: [a] Northeastern University, Boston, MA, USA. E-mail: riccardo@ccs.neu.edu | [b] Cornell University, Ithaca, NY, USA. E-mail: fbs@cs.cornell.edu
Note: [*] This work was mainly performed while the first author was at Cornell University. A preliminary version of this paper appears in the Proc. 19th IEEE Computer Security Foundations Workshop, 2006, pp. 230–241. Supported in part by AFOSR Grant F9550-06-0019, National Science Foundation Grants 0430161 and CCF-0424422 (Trust), ONR Grant N00014-01-1-0968, and grants from Microsoft and Intel. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of these organizations or the US Government.
Abstract: A set of replicas is diverse to the extent that they implement the same functionality but differ in their implementation details. Diverse replicas are less likely to succumb to the same attacks, when attacks depend on memory layout and/or other implementation details. Recent work advocates using mechanical means, such as program rewriting, to create such diversity. A correspondence between the specific transformations being employed and the attacks they defend against is often provided, but little has been said about the overall effectiveness of diversity per se in defending against attacks. With this broader goal in mind, this paper gives a precise characterization of attacks, applicable to viewing diversity as a defense, and also shows how mechanically-generated diversity compares to a well-understood defense: type checking.
Keywords: Obfuscation, mechanical-generated diversity, replication, imperative languages, type systems
