Ajou University repository

A framework for software diversification with ISA heterogeneity
  • Wang, Xiaoguang ;
  • Yeoh, Seng Ming ;
  • Lyerly, Robert ;
  • Olivier, Pierre ;
  • Kim, Sang Hoon ;
  • Ravindran, Binoy
Citations

SCOPUS

0

Citation Export

Publication Year
2020-01-01
Journal
RAID 2020 Proceedings - 23rd International Symposium on Research in Attacks, Intrusions and Defenses
Publisher
USENIX Association
Citation
RAID 2020 Proceedings - 23rd International Symposium on Research in Attacks, Intrusions and Defenses, pp.427-442
Mesh Keyword
Architecture communityChip multiprocessorsCode randomizationEvaluation resultsMoving target defensePrecise locationsSimulation stagesSoftware frameworks
All Science Classification Codes (ASJC)
Computer Science (all)Safety, Risk, Reliability and QualityLawSafety Research
Abstract
Software diversification is one of the most effective ways to defeat memory corruption based attacks. Traditional software diversification such as code randomization techniques diversifies program memory layout and makes it difficult for attackers to pinpoint the precise location of a target vulnerability. Some recent work in the architecture community use diverse ISA configurations to defeat code injection or code reuse attacks, showing that dynamically switching the ISA on which a program executes is a promising direction for future security systems. However, most of these work either remain in a simulation stage or require extra efforts to write program. In this paper, we propose HeterSec, a framework to secure applications utilizing a heterogeneous ISA setup composed of real world machines. HeterSec runs on top of commodity x86_64 and ARM64 machines and gives the process the illusion that it runs on a multi-ISA chip multiprocessor (CMP) machine. With HeterSec, a process can dynamically select its underlying ISA environment. Therefore, a protected process would be capable of hiding the instruction set on which it executed or detecting abnormal program behavior by comparing execution results step-by-step from multiple ISA-diversified instances. To demonstrate the effectiveness of such a software framework, we implemented HeterSec on Linux and showcased its deployability by running it on a pair of x86_64 and ARM64 servers, connected over InfiniBand. We then conducted two case studies with HeterSec. In the first case, we implemented a multi-ISA moving target defense (MTD) system, which introduces uncertainty at the instruction set level. In the second case, we implemented a multi-ISA-based multi-version execution (MVX) system. The evaluation results show that HeterSec brings security benefits through ISA diversification with a reasonable performance overhead.
Language
eng
URI
https://aurora.ajou.ac.kr/handle/2018.oak/36554
https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85103498620&origin=inward
Type
Conference
Funding
This work is also supported by Electronics and Telecommunications Research Institute (ETRI) grant funded by the Korean government (20ZS1310).We would like to thank the anonymous reviewers for their insightful comments. This work is supported in part by grants received by Virginia Tech including that from the US Office of Naval Research (ONR) under grants N00014-18-1-2022, N00014-16-1-2104, and N00014-16-1-2711, and from NAVSEA/NEEC under grant N00174-16-C-0018. Kim’s work at Virginia Tech (former affiliation) was supported by ONR under grants N00014-16-1-2711 and N00014-18-1-2022. Olivier’s work at Virginia Tech (former affiliation) was supported by ONR under grants N00014-16-1-2104 and N00014-18-1-2022. Lyerly’s work at Virginia Tech (former affiliation) was supported in part by NAVSEA/NEEC under grant N00174-16-C-0018.
Show full item record

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Kim, Sang-Hoon Image
Kim, Sang-Hoon김상훈
Department of Software and Computer Engineering
Read More

Total Views & Downloads

File Download

  • There are no files associated with this item.