Title
Profile-guided automated software diversity
Abstract
Code-reuse attacks are notoriously hard to defeat, and most current solutions to the problem focus on automated software diversity. This is a promising area of research, as diversity attacks the common denominator enabling code-reuse attacks: the software monoculture. Recent research in this area provides security, but at an unfortunate price: performance overhead. Leveraging previously collected profiling information, compilers can substantially improve subsequent code generation. Traditionally, profile-guided optimization focuses on hot program code, where a program spends most of its execution time. Optimizing rarely executed code does not significantly impact performance, so few optimizations focus on this code. We use profile-guided optimization to reduce the performance overhead of software diversity. The primary insight is that we are free to diversify cold code, but restrict our diversification efforts in hot code. Our work investigates the impact of profiling on an expensive diversification technique: NOP insertion. By differentiating between hot and cold code, we optimize NOP insertion overheads from a maximum of 25% down to a negligible 1%, while preserving the security properties of the original defense. Consequently, using our profile-guided diversification technique, even randomization techniques having a high performance overhead become practical.
Year
2013
DOI
10.1109/CGO.2013.6494997
Venue
CGO
Keywords
impact performance, cold code, hot code, subsequent code generation, Profile-guided automated software diversity, profile-guided optimization, high performance, performance overhead, hot program code, automated software diversity, NOP insertion overhead
DocType
Conference
Citations
35
PageRank
0.94
References
21
Authors
5
Name
Order
Citations
PageRank
Michael Franz1144499.50
Stefan Brunthaler243119.81
Per Larsen3883.41
Andrei Homescu43269.32
Steven Neisius5350.94