Composite Software Diversification

机译：复合软件多样化

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Many techniques of software vulnerability exploitation rely on deep and comprehensive analysis of vulnerable program binaries. If a copy of the vulnerable software is available to attackers, they can compose their attack scripts and payloads by studying the sample copy and launch attacks on other copies of the same software in deployment. By transforming software into different forms before deployment, software diversification is considered as an effective mitigation of attacks originated from malicious binary analyses.Essentially, developing a software diversification transformation is nontrivial because it has to preserve the original functionality, provide strong enough unpredictability, and introduce negligible cost. Enlightened by research in other areas, we seek to apply different diversification transformations to the same program for a synergy effect such that the resulting hybrid transformations can have boosted diversification effects with modest cost. We name this approach the composite software diversification.Although the concept is straightforward, it becomes challenging when searching for satisfactory compositions of primitive transformations that maximize the synergy effect and make a balance between effectiveness and cost. In this work, we undertake an in-depth study and develop a reasonably well working selection strategy to find a transformation composition that performs better than any single transformation used in the composition. We believe our work can provide guidelines for practitioners who would like to improve the design of diversification tools in the future.

机译：软件漏洞利用的许多技术依赖于对弱势计划二进制文件的深度和全面分析。如果攻击者可以使用漏洞软件的副本，可以通过在部署中的其他软件的其他副本上进行示例副本和启动攻击来撰写攻击脚本和有效载荷。通过将软件转换为不同的形式之前，软件多样化被认为是源自恶意二元分析的攻击的有效缓解。展示软件多样化转换是不动的，因为它必须保留原始功能，提供足够的不可预测性，并介绍了足够的不可预测性，并介绍可忽略不计的成本。在其他领域的研究中启发，我们寻求对同一程序应用不同的多样化转换，以实现协同效果，使得产生的混合变换可以以适度的成本提高多样化效果。我们命名这种方法复合软件多样化。虽然该概念很简单，但在寻找最大化协同效应的原始变换的令人满意的组合时，它变得具有挑战性，并在有效性和成本之间进行平衡。在这项工作中，我们进行了深入的研究，并开发了一个合理的工作选择策略，以找到比组合物中使用的任何单一转化更好的转化组合物。我们相信我们的工作可以为希望改进未来多样化工具设计的从业者提供指导方针。

著录项

来源
《IEEE International Conference on Software Maintenance and Evolution》|2017年|689p|共11页
会议地点
作者
Shuai Wang; Pei Wang; DInghao Wu;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP311.5-53;
关键词
Software; Software algorithms; Reverse engineering; Semantics; Tools; Binary codes; Knowledge engineering;

机译：软件;软件算法;逆向工程;语义;工具;二元代码;知识工程;

相似文献

外文文献
中文文献
专利

1. Software Diversify as a Way to Well-Structured Concurrent Software [J] . A.B.Romanovsky Operating systems review . 1995,第3期

机译：软件多样化是结构合理的并行软件的一种方式
2. Piezoresistive characteristics of CNT fiber-incorporated GFRP composites prepared with diversified fabrication schemes [J] . Khalid Hammad R., Nam I. W., Choudhry I., Composite Structures . 2018,第NOVa期

机译：多种制备方案制备的含CNT纤维的GFRP复合材料的压阻特性
3. Research review of diversified reinforcement on aluminum metal matrix composites: fabrication processes and mechanical characterization [J] . Jitendra M. Mistry, Piyush P. Gohil Science and Engineering of Composite Materials . 2018,第4期

机译：铝金属基复合材料的多种增强研究综述：制备工艺和力学性能
4. Composite Software Diversification [C] . Shuai Wang, Pei Wang, DInghao Wu IEEE International Conference on Software Maintenance and Evolution . 2017

机译：复合软件多元化
5. Correlated failures, software diversification and information security risk management. [D] . Kataria, Gaurav. 2007

机译：相关故障，软件多样化和信息安全风险管理。
6. A META-COMPOSITE SOFTWARE DEVELOPMENT APPROACH FOR TRANSLATIONAL RESEARCH [O] . Rajani S. Sadasivam, Murat M. Tanik -1

机译：翻译研究的元复合软件开发方法
7. Diversifying Nanoparticle Assemblies in Supramolecule Nanocomposites Via Cylindrical Confinement [O] . -1

机译：通过圆柱限制多样化纳米粒子复合材料中的纳米粒子组件

Composite Software Diversification

摘要

著录项

相似文献

相关主题

期刊订阅