07-05-2012, 04:47 PM
The N-Variant Systems Framework: Polygraphing Processes for Secretless Security
Security Through Diversity
Today’s Computing Monoculture
Exploit can compromise billions of machines since they are all running the same software
Biological Diversity
All successful species use a very expensive mechanism (sex) to maintain diversity
Computer security research: [Cohen 92], [Forrest+ 97], [Cowan+ 2003], [Barrantes+ 2003], [Kc+ 2003], [Bhatkar+ 2003], [Just+ 2004], [Bhatkar, Sekar, DuVarney 2005]
Memory Randomization Attack
Brute force attack on memory address space randomization (Shacham et al. [CCS 2004]): 24-bit effective key space
Can a similar attack work against ISR?
Larger key space: must attack in fragments
Need to tell if partial guess is correct
Server Requirements
Vulnerable: buffer overflow is fine
Able to make repeated guesses
No rerandomization after crash
Likely if server forks requests (Apache)
Observable: notice server crashes
Cryptanalyzable
Learn key from one ciphertext-plaintext pair
Easy with XOR
False Positives
Injected bytes produce an infinite loop:
JMP -4
JNZ -2
Injected bytes are “harmless”, but a later executed instruction causes an infinite loop
Injected guess causes crash, but timeout expires before remote attacker observes
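
The following is an added example, not taken from the slides: a toy simulation of why the "No rerandomization after crash" requirement matters to a defender. ForkingServer, probe and recover_fragments are hypothetical names, and the oracle abstracts "crash or no crash" into a boolean; no real instruction encoding or network traffic is modeled.

```python
import random

class ForkingServer:
    """Toy model: a per-byte XOR key; a probe survives only if its guessed key byte is right."""
    def __init__(self, key_len, rerandomize_on_crash, rng):
        self.key_len = key_len
        self.rerandomize = rerandomize_on_crash
        self.rng = rng
        self.crashes = 0          # what a defender can count and alert on
        self._new_key()

    def _new_key(self):
        self.key = bytes(self.rng.randrange(256) for _ in range(self.key_len))

    def probe(self, index, guess):
        """Return True if the child survives (guess matches key[index]), else record a crash."""
        if self.key[index] == guess:
            return True
        self.crashes += 1
        if self.rerandomize:      # mitigation: a fresh key after every crash
            self._new_key()
        return False

def recover_fragments(server):
    """Guess the key one byte at a time; return (key or None, probes used)."""
    recovered, probes = bytearray(), 0
    for index in range(server.key_len):
        for guess in range(256):
            probes += 1
            if server.probe(index, guess):
                recovered.append(guess)
                break
        else:
            return None, probes   # no guess was confirmed: the key moved underneath
    return bytes(recovered), probes

def run(rerandomize, seed=2012, key_len=4):
    """Constructed scenario: seeded RNG so the result is reproducible."""
    server = ForkingServer(key_len, rerandomize, random.Random(seed))
    recovered, probes = recover_fragments(server)
    return {"recovered": recovered == server.key,
            "probes": probes, "crashes": server.crashes}

if __name__ == "__main__":
    print("static key across forks :", run(rerandomize=False))
    print("rerandomize after crash :", run(rerandomize=True))
```

With a static key, the fragment-wise search is bounded by 4 × 256 probes instead of 256⁴, and almost every probe is a crash the operator can observe; with rerandomization the confirmed fragments no longer describe the live key.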