ISA2R: Improving software attack and analysis resilience via compiler-level software diversity

Rafael Fedler, Sebastian Banescu, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

The current IT landscape is characterized by software monoculture: All installations of one program version are identical. This leads to a huge return of investment for attackers who can develop a single attack once to compromise millions of hosts worldwide. Software diversity has been proposed as an alternative to software monoculture. In this paper we present a collection of diversification transformations called ISA2R, developed for the low-level virtual machine (LLVM). By diversifying the properties crucial to successful exploitation of a vulnerability, we render exploits that work on one installation of a software ineffective against others. Through this we enable developers to add protective measures automatically during compilation. In contrast to similar existing tools, ISA2R provides protection against a wider range of attacks and is applicable to all programming languages supported by LLVM.

Original languageEnglish
Title of host publicationComputer Safety, Reliability, and Security - 34th International Conference, SAFECOMP 2015, Proceedings
EditorsFloor Koornneef, Coen van Gulijk
PublisherSpringer Verlag
Pages362-371
Number of pages10
ISBN (Print)9783319242545
DOIs
StatePublished - 2015
Event34th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2015 - Delft, Netherlands
Duration: 23 Sep 201525 Sep 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9337
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference34th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2015
Country/TerritoryNetherlands
CityDelft
Period23/09/1525/09/15

Keywords

  • Code obfuscation
  • Software diversity
  • Software protection

Fingerprint

Dive into the research topics of 'ISA2R: Improving software attack and analysis resilience via compiler-level software diversity'. Together they form a unique fingerprint.

Cite this