Security Through Diversity
Speaker: David Evans, Associate Professor, University of Virginia
Date: June 23 2005
Time: 11:00AM to 12:00PM
Location: 32-G463 Star
Host: Martin Rinard, MIT - CSAIL
Contact: Mary McDavitt, 617-253-9620, firstname.lastname@example.org
Abstract: The current computing monoculture leaves our infrastructure vulnerable to a massive, rapid attack. One technique that has been proposed to mitigate this threat is to artificially increase software diversity by transforming programs to produce diverse executables. These techniques depend on keeping a key used to control the transformation secret from potential attackers.
The first part of this talk considers the effectiveness of one proposed diversification technique, instruction set randomization (ISR). ISR defuses all standard code injection attacks by hiding the instruction set of the target machine from the attacker. A motivated attacker may be able to circumvent ISR by determining the randomization key. I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network. The attack is plausible under realistic conditions and can infect an ISR-protected server in under 6 minutes.
In the second part of the talk, I will introduce the N-variant systems framework that uses artificial diversity to enhance security. Unlike previous approaches such as ISR, it does not rely on keeping any secrets. Instead, the framework requires an attacker to compromise one of the system variants without producing detectable behavior on another system variant processing the same input. By constructing variants with disjoint exploitation sets, we can make it impossible to successfully carry out large classes of important attacks. In this talk, I will describe our framework and a prototype implementation, identify some useful variations, and introduce a model for analyzing security properties of N-variant systems.
Note: This talk includes joint work with Jack Davidson, Adrian Filipi, John Knight, Anh Nguyen-Tuong, Nathanael Paul, Jonathan Rowanhill, and Nora Sovarel. Details on our ISR cryptanalysis are available in the upcoming USENIX Security 2005 paper (http://www.cs.virginia.edu/feeb/): "Where's the FEEB?: The Effectiveness of Instruction Set Randomization", Nora Sovarel, David Evans and Nathanael Paul.
Bio: During his decade at MIT, David Evans completed 3 degrees, scored 2 D-league hockey goals, and sampled all the non-fishy items on Gooseberry's food truck menu. Since 1999, he has been an assistant professor at the University of Virginia, where he has learned to revere Thomas Jefferson, done research in computer security and program analysis, and developed and taught a 6.001-inspired course targeted to liberal arts students. He is a citizen member on the Virginia Joint Subcommittee on Voting Equipment Certification.