Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/2897795.2897805acmotherconferencesArticle/Chapter ViewAbstractPublication PagescisrcConference Proceedingsconference-collections
short-paper

Double Helix and RAVEN: A System for Cyber Fault Tolerance and Recovery

Published: 05 April 2016 Publication History

Abstract

Cyber security research has produced numerous artificial diversity techniques such as address space layout randomization, heap randomization, instruction-set randomization, and instruction location randomization. To be most effective, these techniques must be high entropy and secure from information leakage which, in practice, is often difficult to achieve. Indeed, it has been demonstrated that well-funded, determined adversaries can often circumvent these defenses. To allow use of low-entropy diversity, prevent information leakage, and provide provable security against attacks, previous research proposed using low-entropy but carefully structured artificial diversity to create variants of an application and then run these constructed variants within a fault-tolerant environment that runs each variant in parallel and cross check results to detect and mitigate faults. If the variants are carefully constructed, it is possible to prove that certain classes of attack are not possible. This paper presents an overview and status of a cyber fault tolerant system that uses a low overhead multi-variant execution environment and precise static binary analysis and efficient rewriting technology to produce structured variants which allow automated verification techniques to prove security properties of the system. Preliminary results are presented which demonstrate that the system is capable of detecting unknown faults and mitigating attacks.

References

[1]
E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović. Randomized instruction set emulation. ACM Transactions on Information and System Security, 8(1):3--40, Feb. 2005.
[2]
A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, and D. Boneh. Hacking blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, pages 227--242, Washington, DC, USA, 2014. IEEE Computer Society.
[3]
D. Bruschi, L. Cavallaro, and A. Lanzi. Diversified process replicae for defeating memory error exploits. In IEEE International Conference on Performance, Computing, and Communications Conference, IPCCC'07, pages 434--441, April 2007.
[4]
C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7, SSYM'98, pages 5--5, Berkeley, CA, USA, 1998. USENIX Association.
[5]
B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, and J. Hiser. N-variant systems: A secretless framework for security through diversity. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, Berkeley, CA, USA, 2006. USENIX Association.
[6]
J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. W. Davidson. ILR: Where'd my gadgets go? In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 571--585, Washington, DC, USA, 2012. IEEE Computer Society.
[7]
C. Le Goues, T. V. Nguyen, S. Forrest, and W. Weimer. GenProg: A generic method for automatic software repair. IEEE Trans. Softw. Eng., 38(1):54--72, Jan. 2012.
[8]
B. Rodes, A. Nguyen-Tuong, J. D. Hiser, J. C. Knight, M. Co, and J. W. Davidson. Defense against stack-based attacks using speculative stack layout transformation. In S. Qadeer and S. Tasiran, editors, Runtime Verification, volume 7687 of Lecture Notes in Computer Science, pages 308--313. Springer Berlin Heidelberg, 2013.
[9]
G. F. Roglia, L. Martignoni, R. Paleari, and D. Bruschi. Surgically returning to randomized libC. In Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC '09, pages 60--69, Washington, DC, USA, 2009. IEEE Computer Society.
[10]
B. Salamat, T. Jackson, A. Gal, and M. Franz. Orchestra: Intrusion detection using parallel execution and monitoring of program variants in user-space. In Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys '09, pages 33--46, New York, NY, USA, 2009. ACM.
[11]
K. Scott and J. Davidson. Strata: A software dynamic translation infrastructure. In IEEE Workshop on Binary Translation, September 2001.
[12]
H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 552--561, New York, NY, USA, 2007. ACM.
[13]
H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04, pages 298--307, New York, NY, USA, 2004. ACM.
[14]
A. N. Sovarel, D. Evans, and N. Paul. Where's the FEEB? the effectiveness of instruction set randomization. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, SSYM'05, pages 10--10, Berkeley, CA, USA, 2005. USENIX Association.
[15]
S. Volckaert, B. De Sutter, T. De Baets, and K. De Bosschere. GHUMVEE: Efficient, effective, and flexible replication. In Proceedings of the 5th International Conference on Foundations and Practice of Security, FPS'12, pages 261--277, Berlin, Heidelberg, 2013. Springer-Verlag.
[16]
Checkpoint/restore in userspace. http://criu.org.
[17]
D. Williams, W. Hu, J. W. Davidson, J. D. Hiser, J. C. Knight, and A. Nguyen-Tuong. Security through diversity: Leveraging virtual machine technology. IEEE Security & Privacy, 7(1):26--33, Jan.--Feb. 2009.
[18]
J. Xu, Z. Kalbarczyk, and R. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems, pages 260--269, oct. 2003.

Cited By

View all
  • (2022)Back to the future: N-Versioning of Microservices2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN53405.2022.00049(415-427)Online publication date: Jun-2022
  • (2021)Data space randomization for securing cyber-physical systemsInternational Journal of Information Security10.1007/s10207-021-00568-121:3(597-610)Online publication date: 6-Nov-2021
  • (2020)Conditional Probability Voting Algorithm Based on Heterogeneity of Mimic Defense SystemIEEE Access10.1109/ACCESS.2020.30313238(188760-188770)Online publication date: 2020
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences
CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference
April 2016
150 pages
ISBN:9781450337526
DOI:10.1145/2897795
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 April 2016

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

CISRC '16

Acceptance Rates

CISRC '16 Paper Acceptance Rate 11 of 28 submissions, 39%;
Overall Acceptance Rate 69 of 136 submissions, 51%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)9
  • Downloads (Last 6 weeks)3
Reflects downloads up to 23 Nov 2024

Other Metrics

Citations

Cited By

View all
  • (2022)Back to the future: N-Versioning of Microservices2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN53405.2022.00049(415-427)Online publication date: Jun-2022
  • (2021)Data space randomization for securing cyber-physical systemsInternational Journal of Information Security10.1007/s10207-021-00568-121:3(597-610)Online publication date: 6-Nov-2021
  • (2020)Conditional Probability Voting Algorithm Based on Heterogeneity of Mimic Defense SystemIEEE Access10.1109/ACCESS.2020.30313238(188760-188770)Online publication date: 2020
  • (2019)Defeating denial-of-service attacks in a self-managing N-variant systemProceedings of the 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems10.1109/SEAMS.2019.00024(126-138)Online publication date: 25-May-2019
  • (2019)Overview of Control and Game Theory in Adaptive Cyber DefensesAdversarial and Uncertain Reasoning for Adaptive Cyber Defense10.1007/978-3-030-30719-6_1(1-11)Online publication date: 31-Aug-2019
  • (2018)ReferencesThe Continuing Arms Race10.1145/3129743.3129753(261-281)Online publication date: 1-Mar-2018
  • (2018)Multi-variant execution environmentsThe Continuing Arms Race10.1145/3129743.3129752(211-258)Online publication date: 1-Mar-2018
  • (2018)Hardware control flow integrityThe Continuing Arms Race10.1145/3129743.3129751(181-210)Online publication date: 1-Mar-2018
  • (2018)Attacking dynamic codeThe Continuing Arms Race10.1145/3129743.3129750(139-180)Online publication date: 1-Mar-2018
  • (2018)Evaluating control-flow restricting defensesThe Continuing Arms Race10.1145/3129743.3129749(117-137)Online publication date: 1-Mar-2018
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media