Title
SoK: Automated Software Diversity
Abstract
The idea of automatic software diversity is at least two decades old. The deficiencies of currently deployed defenses and the transition to online software distribution (the "App store" model) for traditional and mobile computers have revived the interest in automatic software diversity. Consequently, the literature on diversity grew by more than two dozen papers since 2008. Diversity offers several unique properties. Unlike other defenses, it introduces uncertainty in the target. Precise knowledge of the target software provides the underpinning for a wide range of attacks. This makes diversity a broad rather than narrowly focused defense mechanism. Second, diversity offers probabilistic protection similar to cryptography: attacks may succeed by chance, so implementations must offer high entropy. Finally, the design space of diversifying program transformations is large. As a result, researchers have proposed multiple approaches to software diversity that vary with respect to threat models, security, performance, and practicality. In this paper, we systematically study the state-of-the-art in software diversity and highlight fundamental trade-offs between fully automated approaches. We also point to open areas and unresolved challenges. These include "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software.
Year: 2014
DOI: 10.1109/SP.2014.25
Venue: IEEE Symposium on Security and Privacy
Keywords: cryptography,mobile computing,probability,software performance evaluation,App store model,SoK,automated software diversity,cryptography,error reporting,implementation disclosure attacks,mobile computers,online software distribution,patching attacks,probabilistic protection,program transformations,software attacks
Field: Software design,Software analytics,Computer science,Computer security,Software security assurance,Software system,Software metric,Software construction,Software distribution,Software development
DocType: Conference
ISSN: 1081-6011
Citations: 100
PageRank: 2.36
References: 46
Authors: 4
Name
Order
Citations
PageRank
Per Larsen145923.26
Andrei Homescu23269.32
Stefan Brunthaler343119.81
Michael Franz4144499.50