Automated software diversity / Per Larsen, Stefan Brunthaler, Lucas Davi, Ahmad-Reza Sadeghi, Michael Franz.
Saved in:
| Online Access: |
Full Text (via Morgan & Claypool) |
|---|---|
| Main Authors: | , , , , |
| Format: | eBook |
| Language: | English |
| Published: |
San Rafael, California (1537 Fourth Street, San Rafael, CA 94901 USA) :
Morgan & Claypool,
2016.
|
| Series: | Synthesis lectures on information security, privacy, and trust (Online) ;
# 14. |
| Subjects: |
Table of Contents:
- 1. Introduction
- 1.1 A brief history of program randomization
- 1.2 Book overview
- 2. Attacking and defending
- 2.1 Taxonomy of attacks
- 2.1.1 Memory corruption attacks
- 2.1.2 Information leaks
- 2.1.3 Code injection
- 2.1.4 Code reuse
- 2.1.5 JIT attacks
- 2.1.6 Program tampering
- 2.1.7 Reverse engineering
- 2.2 Taxonomy of defenses
- 2.2.1 Enforcement-based defenses
- 2.2.2 Program integrity monitors
- 2.2.3 Diversity-based defenses
- 2.2.4 Program obfuscation
- 3. What to diversify
- 3.1 Instruction level
- 3.2 Basic block level
- 3.3 Loop level
- 3.4 Function level
- 3.5 Program level
- 3.6 System level
- 4. When to diversify
- 4.1 The software life cycle
- 4.2 Quantifying the impact of diversity
- 4.2.1 Security impact
- 4.2.2 Performance impact
- 5. Case study: compile-time diversification
- 5.1 System description
- 5.1.1 Inserting NOP instructions
- 5.1.2 Equivalent instruction substitution
- 5.1.3 Instruction scheduling
- 5.2 Scalability of compile-time diversification
- 5.2.1 Cloud-based compilation
- 5.2.2 Scalability is practical
- 5.3 Evaluating diversification
- 5.3.1 Assessing diversification efficiency
- 5.3.2 Implementing survivor
- 5.4 Evaluating security
- 5.4.1 Frequently surviving gadgets
- 5.4.2 Determining optimal compiler parameters
- 6. Information leakage resilience
- 7. Advanced topics
- 7.1 Hybrid approaches
- 7.2 Error reports and patches
- Bibliography
- Authors' biographies.