GENESIS: A Framework For Achieving Component Diversity. John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong (University of Virginia); Chenxi Wang (Carnegie Mellon University).

Slide 1: GENESIS: A Framework For Achieving Component Diversity. John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong, University of Virginia; Chenxi Wang, Carnegie Mellon University.

University of Virginia, SRS July 2005 PI Meeting, slide 2: Project Overview
- Existing practice: monoculture
- Technical objectives: exploit artificial diversity to break the existing software monoculture
- Technical approach: artificial diversity at compile, link, load, and execution times; combinations selectable with the toolkit

Slide 3: Project Overview
- Major risks and planned mitigation:
  - Susceptibility to a new class of attacks
  - Deployment issues
  - Ad hoc evaluation
- Quantitative metrics: fraction of variants that remain susceptible to attack after transformation
- Expected major achievements: significant reduction in susceptibility
- Task milestones (schedule 12/31/05):
  - Complete diversity toolkit
  - Evaluate complete spectrum of diversity techniques

Slide 4: Genesis Diversity Toolkit

Slide 5: Genesis Diversity Generator

Slide 6

Slide 7: Strong ISR using AES and IT
Reference: Randomized Instruction Set Emulation, E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović, ACM Transactions on Information and System Security, 8(1), pp.
- Current implementations of ISR execute injected code:
  - Random instruction sequences are executed
  - They rely on probabilistic arguments that the random sequences will crash harmlessly
  - Not realistic for critical embedded systems
  - Recovery of the application is difficult or impossible
- Vulnerable to attack (Where's the FEEB?, Ana Sovarel and Dave Evans, USENIX Security Conference, August)
- Overhead issues (both space and time)

Slide 8: Strong ISR using AES and IT

Slide 9: Strong ISR using AES and IT

Slide 10: CSD: Calling sequence diversity
- Compile-time/runtime technique to create a software population with many different calling sequences
- Effective defense against "return-to-libc" attacks (also known as arc injection; Pincus and Baker, IEEE Security and Privacy, 2(4), pp.)
  - Return-to-libc does not require injecting code into the application
  - ISR is therefore not an effective defense against return-to-libc type attacks

Slide 11: Return-to-libc attack

    void bar(int arg1, int arg2) {
        char buffer[100];
        …
        scanf("%s", buffer)
        ….
    }

Runtime stack before the overflow (higher addresses first):
    …
    arg2
    arg1
    return addr
    Saved ebp
    buffer

Runtime stack after the buffer overflow (the return address now points at system, and its argument slot at the attacker's string):
    …
    arg2
    Bad arg
    system
    Saved ebp
    buffer

Bad arg: wget: ; chmod +x dropshell ; ./dropshell

Slide 12: CSD: Calling sequence diversity

    void bar() {
        …
        key = Keygen(key, &bar, &foo);
        foo(arg1, arg2);
        key = Keygen(key, &foo, &bar);
        …
        key = Keygen(key, &bar, &baz);
        baz(arg);
        key = Keygen(key, &baz, &bar);
        …
    }

    void foo(int a1, int a2) {
        Keycheck(key);
        …
        Keycheck(key);
    }

Slide 13: CSD: Calling sequence diversity
- Calls to the Keygen and Keycheck routines are inserted by the compiler front end (lcc, edg, Phoenix)
- At runtime, Strata:
  - generates a key for each function (stored in a protected region)
  - replaces the calls with inline code that generates the proper key, or checks that the key has the proper value
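The Keygen/Keycheck scheme of slides 11 to 13, worked through as an added C model that is not the Genesis or Strata code: the legitimate main -> bar -> foo path passes every Keycheck, while a return-to-libc transfer into system() arrives carrying a key that no allowed caller of system() would have produced. Assumed here: functions are named by an enum rather than their addresses, the per-function keys are fixed constructed constants instead of values Strata generates at runtime, and Keycheck returns false instead of aborting the variant.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of CSD's Keygen/Keycheck (added example, not Genesis or
 * Strata code). Assumptions: functions are named by an enum rather than
 * their addresses, per-function keys are fixed constants rather than values
 * Strata generates at runtime, and Keycheck reports failure, not abort. */
enum fn { FN_MAIN, FN_BAR, FN_FOO, FN_SYSTEM, FN_COUNT };

/* Per-function keys (constructed); every variant would get different ones. */
static const uint32_t secret[FN_COUNT] = {
    0x2f1b7c09u, 0x9e3779b9u, 0x5bd1e995u, 0xc2b2ae35u
};

/* Legitimate caller -> callee edges, known from the program's call graph. */
static const bool allowed[FN_COUNT][FN_COUNT] = {
    [FN_MAIN][FN_BAR] = true, [FN_BAR][FN_FOO] = true,
    [FN_MAIN][FN_SYSTEM] = true,   /* only main may call system() */
};

static uint32_t key;   /* would live in a Strata-protected region */

/* Keygen(key, &caller, &callee): the key for the transition caller -> callee.
 * This toy version does not chain on the previous key. */
static uint32_t keygen(enum fn caller, enum fn callee)
{
    return (secret[caller] * 0x01000193u) ^ secret[callee];
}

/* Keycheck at a callee's entry: does the key name an allowed caller? */
static bool keycheck(enum fn callee)
{
    for (int c = 0; c < FN_COUNT; c++)
        if (allowed[c][callee] && key == keygen((enum fn)c, callee))
            return true;
    return false;
}

/* The slide's bar(): main -> bar -> foo -> back to bar. With hijacked set,
 * bar's overwritten return address sends control into system() (the
 * return-to-libc case) with no Keygen executed for that transfer.
 * Returns true only if every Keycheck on the path passed. */
bool run_bar(bool hijacked)
{
    key = keygen(FN_MAIN, FN_BAR);
    if (!keycheck(FN_BAR)) return false;
    key = keygen(FN_BAR, FN_FOO);
    if (!keycheck(FN_FOO)) return false;
    key = keygen(FN_FOO, FN_BAR);          /* foo returns to bar */
    return hijacked ? keycheck(FN_SYSTEM) : true;
}
```

Because the keys differ per variant, a key that happens to satisfy Keycheck in one variant does not carry over to another, which is what makes the population resistant to a single crafted frame.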

Slide 14: Return-to-libc attack

    void bad(int arg1, int arg2) {
        char buffer[100];
        …
        scanf("%s", buffer)
        ….
    }

Runtime stack before the overflow (higher addresses first):
    …
    arg2
    arg1
    return addr
    Saved ebp
    buffer

Runtime stack after the buffer overflow:
    …
    arg2
    Bad arg
    system
    Saved ebp
    buffer

Bad arg: wget: ; chmod +x dropshell ; ./dropshell

Slide 15: Genesis Diversity Toolkit

Slide 16: Toolkit Execution Environment

Slide 17

Slide 18: Performance

Slide 19: Progress Towards Metric
- The diversity toolkit facilitates:
  - Creation of a large number of variants
  - Operating, attacking & monitoring variants
- Large numbers of variants of Apache created and tested; success rate very high
- Disclaimers:
  - Only one application
  - Synthetic but realistic vulnerabilities
  - No statistical significance

Slide 20: Impediments To Success
- Possibly unacceptable execution performance degradation
- Unknown security performance against other types of vulnerabilities
  - Need to investigate the spectrum of diversity defense techniques
- Cost of deployment and maintenance of the variants might be high