EBookClubs

Read Books & Download eBooks Full Online

Book Automated Software Diversity

Download or read book Automated Software Diversity written by Per Larsen and published by Springer Nature. This book was released on 2022-05-31 with total page 76 pages. Available in PDF, EPUB and Kindle. Book excerpt: Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.

Book Enhancing and Extending Software Diversity

Download or read book Enhancing and Extending Software Diversity written by Stephen Crane and published by . This book was released on 2015 with total page 146 pages. Available in PDF, EPUB and Kindle. Book excerpt: Software immunity through diversity is a promising research direction. Address Space Layout Randomization has been widely deployed to defend against code-reuse attacks and significantly raises the bar for attackers. However, automated software diversity is still exploitable by adroit and adaptable adversaries. Using powerful memory disclosure attacks, offensive researchers have demonstrated weaknesses in conventional randomization techniques. In addition, current defenses are largely passive and allow attackers to continuously brute-force randomized defenses with little impediment. Building on the foundation of automated software diversity, we propose novel techniques to strengthen the security and broaden the impact of code randomization. We first discuss software booby traps, a new active defense technique enabled by randomized program contents. We then propose, implement, and evaluate a comprehensive randomization-based system, Readactor++, which is resilient to all types of memory disclosure attacks. Readactor++ enforces execute-only memory protections on commodity x86 processors, thus preventing direct disclosure of randomized code. We also identify the indirect disclosure attack, a new class of code leakage via data disclosure, and mitigate this attack as well. By integrating booby traps into our system, we protect against brute-force memory disclosure attempts. In our evaluation we find that Readactor++ compares favorably to other memory-disclosure resilient code-reuse defenses and that it scales effectively to complex, real-world software. Finally, we propose a novel extension of code randomization to mitigate side-channel rather than code-reuse attacks. 
Using control-flow diversity, a novel control-flow transformation, we introduce dynamic behavior into program side effects with fast, static code. As an example, we apply this technique to mitigate an AES cache side-channel attack. With our techniques, software diversity can now be efficiently secured against advanced attacks, including memory disclosure and function table reuse, and is adaptable to combat new classes of threats, such as side-channel attacks.

Book Defeating Memory Error Exploits Using Automated Software Diversity

Download or read book Defeating Memory Error Exploits Using Automated Software Diversity written by and published by . This book was released on 2007 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt:

Book Software Diversity in Computerized Control Systems

Download or read book Software Diversity in Computerized Control Systems written by Udo Voges and published by Springer. This book was released on 2012-01-09 with total page 216 pages. Available in PDF, EPUB and Kindle. Book excerpt: Software Diversity is one of the fault-tolerance means to achieve dependable systems. In this volume, some experimental systems as well as real-life applications of software diversity are presented. The history, the current state-of-the-art and future perspectives are given. Although this technique is used quite successfully in industrial applications, further research is necessary to solve some open questions. We hope to report on new results and applications in another volume of this series within some years. Acknowledgements: The idea of the workshop was put forward by the chairpersons of IFIP WG 10.4, J.-C. Laprie, J. F. Meyer and Y. Tohma, in January 1986, and the editor of this volume was asked to organize the workshop. This volume was edited with the assistance of the editors of the series, A. Avižienis, H. Kopetz and J.-C. Laprie, who also had the function of reviewers. Karlsruhe, October 1987, U. Voges, Editor. Table of Contents: 1. Introduction (U. Voges); 2. Railway Applications: ERICSSON Safety System for Railway Control (G. Hagelin); 3. Nuclear Applications: Use of Diversity in Experimental Reactor Safety Systems (U. Voges), The PODS Diversity Experiment (P. G. Bishop); 4. Flight Applications: AIRBUS and ATR System Architecture and Specification (P. Traverse); 5. University Research: Tolerating Software Design Faults in a Command and Control System (T. Anderson, P. A. Barrett, D. N. Halliwell, M. R. Moulding), DEDIX 87 - A Supervisory System for Design Diversity Experiments at UCLA ...

Book Securing Statically and Dynamically Compiled Programs Using Software Diversity

Download or read book Securing Statically and Dynamically Compiled Programs Using Software Diversity written by Andrei Homescu and published by . This book was released on 2015 with total page 113 pages. Available in PDF, EPUB and Kindle. Book excerpt: Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus on automated software diversity. This is a promising area of research, as diversity attacks one cause of code reuse attacks: the software monoculture. Software diversity raises the costs of an attack by providing users with different variations of the same program. However, modern software diversity implementations are still vulnerable to certain threats: code disclosure attacks and attacks targeted at JIT (just-in-time) compilers for dynamically compiled languages. In this dissertation, we address the pressing problem of building secure systems out of programs written in unsafe languages. Specifically, we use software diversity to present attackers with an unpredictable attack surface. This dissertation contributes new techniques that improve the security, efficiency, and coverage of software diversity. We discuss three practical aspects of software diversity deployment: (i) performance optimization using profile guided code randomization, (ii) transparent code randomization for JIT compilers, and (iii) code hiding support for JIT compilers. We make the following contributions: we show a generic technique to reduce the runtime cost of software diversity, describe the first technique that diversifies the output of JIT compilers and requires no source code changes to the JIT engine, and contribute new techniques to prevent disclosure of diversified code. Specifically, we demonstrate how to switch between execute-only and read-write page permissions to efficiently and comprehensively prevent JIT-oriented exploits. 
Our in-depth performance and security evaluation shows that software diversity can be efficiently implemented with low overhead (as low as 1% for profile-guided NOP insertion and 7.8% for JIT code hiding) and is an effective defense against a large class of code reuse and code disclosure attacks.

Book Defeating memory error exploits using automated software diversity

Download or read book Defeating memory error exploits using automated software diversity written by and published by . This book was released on 2005 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt: Defeating memory error exploits using automated software diversity.

Book Software Diversity and Its Implications in the N-version Software Life Cycle

Download or read book Software Diversity and Its Implications in the N-version Software Life Cycle written by Jia-Hong Chen and published by . This book was released on 1990 with total page 512 pages. Available in PDF, EPUB and Kindle. Book excerpt:

Book Automated Methods for Creating Diversity in Computer Systems

Download or read book Automated Methods for Creating Diversity in Computer Systems written by Elena Gabriela Barrantes Sliesarieva and published by . This book was released on 2005 with total page 236 pages. Available in PDF, EPUB and Kindle. Book excerpt:

Book Automating Systems Development

Download or read book Automating Systems Development written by David R. Benyon and published by Springer Science & Business Media. This book was released on 2012-12-06 with total page 495 pages. Available in PDF, EPUB and Kindle. Book excerpt: 1 INTRODUCTION These proceedings are the result of a conference on Automating Systems Development held at Leicester Polytechnic, England on 14 to 16 April 1987. The conference was attended by over 170 delegates from industry and academia and it represents a comprehensive review of the state of the art of the use of the computer based tools for the analysis, design and construction of Information Systems (IS). Two parallel streams ran throughout the conference. The academic, or research, papers were the fruit of British, European and Canadian research, with some of the papers reflecting UK Government funded Alvey or European ESPRIT research projects. Two important touchstones guided the selection of academic papers. Firstly, they should be primarily concerned with system, rather than program, development. Secondly, they should be easily accessible to delegates and readers. We felt that formal mathematical papers had plenty of other opportunities for airing and publication. The second stream was the applied programme; a set of formal presentations given by leading software vendors and consultancies. It is clear that many advances in systems development are actually applied, rather than research led. Thus it was important for delegates to hear how leading edge companies view the State of the Art. This was supported by a small exhibition area where certain vendors demonstrated the software they had introduced in the formal presentation.

Book The Effectiveness of Software Diversity

Download or read book The Effectiveness of Software Diversity written by Meine Jochum Peter Van der Meulen and published by . This book was released on 2008 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt:

Book Automated Diversity in Computer Systems

Download or read book Automated Diversity in Computer Systems written by and published by . This book was released on 2005 with total page 99 pages. Available in PDF, EPUB and Kindle. Book excerpt: Attackers penetrate a large number of computers by exploiting common vulnerabilities. The objective of this effort is to address this internet-wide weakness by introducing diversity into computers so that a successful attack on one computer does not necessarily work on another one, even though it may be running identical software.

Book Evaluation of Automated Software Development Tools

Download or read book Evaluation of Automated Software Development Tools written by Michael Joseph Dillenburg and published by . This book was released on 1984 with total page 272 pages. Available in PDF, EPUB and Kindle. Book excerpt:

Book Diversity in Automatic Cloud Computing Resource Selection

Download or read book Diversity in Automatic Cloud Computing Resource Selection written by Vinicius Vielmo Cogo and published by LAP Lambert Academic Publishing. This book was released on 2013 with total page 68 pages. Available in PDF, EPUB and Kindle. Book excerpt: Obtaining correct results and behaviour on computing is a long-standing concern. Such guarantee can be obtained through fault and intrusion tolerance (FIT) mechanisms, which aim to tolerate accidental and arbitrary faults. Byzantine fault tolerant replication, when combined with proactive recovery techniques, can tolerate any number of arbitrary faults during the entire system life time. However, common vulnerabilities shared between replicas can compromise such tolerance. Diversity is a complementary mechanism that combines diverse resources to increase vulnerability independence between system components. Obtaining diversity automatically is a process that can be decomposed into two phases: creation and selection. The first phase consists in providing enough diverse resources to be considered, combined and selected in second phase. In this work we review basic FIT mechanisms, and analyze diversity in cloud computing environments. We present the DiversityAgent, a Java library for selecting cloud resources considering multiple diversity properties. Finally, we integrate this library with two use cases and evaluate its correctness and performance.

Book Developer's Guide to Automated Software Environments

Download or read book Developer's Guide to Automated Software Environments written by William E. Riddle and published by . This book was released on 1986 with total page 200 pages. Available in PDF, EPUB and Kindle. Book excerpt:

Book Modern Industrial Automation Software Design

Download or read book Modern Industrial Automation Software Design written by Lingfeng Wang and published by Wiley-IEEE Press. This book was released on 2006-02-10 with total page 352 pages. Available in PDF, EPUB and Kindle. Book excerpt: The main subjects in this book relate to software development using cutting-edge technologies for real-world industrial automation applications. A hands-on approach to applying a wide variety of emerging technologies to modern industrial practice problems. Explains key concepts through clear examples, ranging from simple to more complex problem domains, and all based on real-world industrial problems. A useful reference book for practicing engineers as well as an updated resource book for researchers.

Book Automated Software Generation Approaches for the Design and Development of Guidance and Control Systems Software

Download or read book Automated Software Generation Approaches for the Design and Development of Guidance and Control Systems Software written by North Atlantic Treaty Organization and published by . This book was released on 1992 with total page 186 pages. Available in PDF, EPUB and Kindle. Book excerpt: