Paper Info
Title
Tailored source code transformations to synthesize computationally diverse program variants
Abstract
The predictability of program execution provides attackers a rich source of knowledge who can exploit it to spy or remotely control the program. Moving target defense ad- dresses this issue by constantly switching between many di- verse variants of a program, which reduces the certainty that an attacker can have about the program execution. The ef- fectiveness of this approach relies on the availability of a large number of software variants that exhibit dierent ex- ecutions. However, current approaches rely on the natural diversity provided by o-the-shelf components, which is very limited. In this paper, we explore the automatic synthe- sis of large sets of program variants, called sosies. Sosies provide the same expected functionality as the original pro- gram, while exhibiting dierent executions. They are said to be computationally diverse. This work addresses two objectives: comparing dierent transformations for increasing the likelihood of sosie synthe- sis (densifying the search space for sosies); demonstrating computation diversity in synthesized sosies. We synthesized 30 184 sosies in total, for 9 large, real-world, open source ap- plications. For all these programs we identied one type of program analysis that systematically increases the density of sosies; we measured computation diversity for sosies of 3 programs and found diversity in method calls or data in more than 40% of sosies. This is a step towards controlled massive unpredictability of software.
Year
DOI
Venue
2014
10.1145/2610384.2610415
ISSTA
Keywords
DocType
Volume
program transformation,reliability,software diversity,testing and debugging
Journal
abs/1401.7635
Citations 
PageRank 
References 
13
0.59
25
Authors
3
Name
Order
Citations
PageRank
Benoit Baudry12000118.08
Simon Allier2645.19
Martin Monperrus3133070.54