Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Medical Devices, Electronic Health Records and Assuring Patient Safety: Future Challenges? Read chapter Read first chapter

2015 | OriginalPaper | Chapter

ISA\(^2\)R: Improving Software Attack and Analysis Resilience via Compiler-Level Software Diversity

Authors : Rafael Fedler, Sebastian Banescu, Alexander Pretschner

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The current IT landscape is characterized by software monoculture: All installations of one program version are identical. This leads to a huge return of investment for attackers who can develop a single attack once to compromise millions of hosts worldwide. Software diversity has been proposed as an alternative to software monoculture. In this paper we present a collection of diversification transformations called ISA\(^2\)R, developed for the low-level virtual machine (LLVM). By diversifying the properties crucial to successful exploitation of a vulnerability, we render exploits that work on one installation of a software ineffective against others. Through this we enable developers to add protective measures automatically during compilation. In contrast to similar existing tools, ISA\(^2\)R provides protection against a wider range of attacks and is applicable to all programming languages supported by LLVM.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design
next chapter Barriers to the Use of Intrusion Detection Systems in Safety-Critical Applications
Footnotes
Literature
1.
Allodi, L., Shim, W., Massacci. F.: Quantitative assessment of risk reduction with cybercrime black market monitoring. IEEE Sec. Priv. Workshops (2013)
2.
Banescu, S., Pretschner, A., Battré, D., Cazzulani, S., Shield, R., Thompson, G.: Software-based protection against changeware. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 231–242 (2015)
3.
Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993)CrossRef
4.
Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, stealthy opaque constructs. In: 25th ACM SIGPLAN-SIGACT, pp. 184–196 (1998)
5.
Forrest, S., Somayaji, A., Ackley, D.: Building diverse computer systems. In: 6th Workshop on Hot Topics in Operating Systems, pp. 67–72, May 1997
6.
Hiser, J., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.: ILR: where’d my gadgets go? In: IEEE Symposium on Security and Privacy, May 2012
7.
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
8.
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
9.
Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: IEEE Symposium on Security & Privacy (2014)
10.
Randell, B.: System structure for software fault tolerance. IEEE Trans. Softw. Eng. 1, 220–232 (1975)CrossRef
11.
Schechter, S.E.: Computer security strength & risk: a quantitative approach. Ph.D. thesis, Harvard University, Cambridge, Massachusetts, May 2004
Metadata
Title
ISAR: Improving Software Attack and Analysis Resilience via Compiler-Level Software Diversity
Authors
Rafael Fedler
Sebastian Banescu
Alexander Pretschner
Copyright Year
2015
Book
Computer Safety, Reliability, and Security

Print ISBN: 978-3-319-24254-5

Electronic ISBN: 978-3-319-24255-2

Copyright Year: 2015

DOI
https://doi.org/10.1007/978-3-319-24255-2_26

Premium Partner

    Image Credits