Composite software diversification

Shuai Wang, Pei Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Many techniques of software vulnerability exploitation rely on deep and comprehensive analysis of vulnerable program binaries. If a copy of the vulnerable software is available to attackers, they can compose their attack scripts and payloads by studying the sample copy and launch attacks on other copies of the same software in deployment. By transforming software into different forms before deployment, software diversification is considered as an effective mitigation of attacks originated from malicious binary analyses. Essentially, developing a software diversification transformation is nontrivial because it has to preserve the original functionality, provide strong enough unpredictability, and introduce negligible cost. Enlightened by research in other areas, we seek to apply different diversification transformations to the same program for a synergy effect such that the resulting hybrid transformations can have boosted diversification effects with modest cost. We name this approach the composite software diversification. Although the concept is straightforward, it becomes challenging when searching for satisfactory compositions of primitive transformations that maximize the synergy effect and make a balance between effectiveness and cost. In this work, we undertake an in-depth study and develop a reasonably well working selection strategy to find a transformation composition that performs better than any single transformation used in the composition. We believe our work can provide guidelines for practitioners who would like to improve the design of diversification tools in the future.

Original languageEnglish (US)
Title of host publicationProceedings - 2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages284-294
Number of pages11
ISBN (Electronic)9781538609927
DOIs
StatePublished - Nov 2 2017
Event2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017 - Shanghai, China
Duration: Sep 19 2017Sep 22 2017

Publication series

NameProceedings - 2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017

Other

Other2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017
CountryChina
CityShanghai
Period9/19/179/22/17

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software

Fingerprint Dive into the research topics of 'Composite software diversification'. Together they form a unique fingerprint.

  • Cite this

    Wang, S., Wang, P., & Wu, D. (2017). Composite software diversification. In Proceedings - 2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017 (pp. 284-294). [8094429] (Proceedings - 2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSME.2017.61