Independence from obfuscation: A semantic framework for diversity

Proceedings of the Computer Security Foundations Workshop

Volumn 2006, Issue , 2006, Pages 230-241

  Pucella, Riccardo ^a   Schneider, Fred B ^b  

^a NORTHEASTERN UNIVERSITY   (United States)

^b Department of Molecular Biology and Genetics   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL METHODS; COMPUTER SOFTWARE; DATA STORAGE EQUIPMENT; MATHEMATICAL TRANSFORMATIONS; SECURITY OF DATA;

INSTRUCTIONS; PROGRAM REWRITING;

COMPUTER CRIME;

EID: 33947654448     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSFW.2006.15     Document Type: Conference Paper

References (21)

1. M. Abadi, A. Banerjee, N. Heintze, and J. G. Riecke. A core calculus of dependency. In Proc. 26th Annual ACM Symposium on Principles of Programming Languages (POPL'99), pages 147-160. ACM Press, 1999.
2. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. In Proc. 21th Annual International Cryptology Conference (CRYPTO'01), volume 2139 of Lecture Notes in Computer Science, pages 1-18. Springer-Verlag, 2001.
3. E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovic. Randomized instruction set emulation. ACM Transactions on Information and System Security, pages 3-40, 2005.
4. E. G. Barrantes, D. H. Ackley, T. S. Palmer, D. Stefanovic, and D. D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proc. 10th ACM Conference on Computer and Communications Security (CCS'03), pages 281-289. ACM Press, 2003.
5. E. D. Berger and B. G. Zorn. DieHard: Probabilistic memory safety for unsafe languages. Department of Computer Science Technical Report 05-65, University of Massachusetts Amherst, 2005.
6. S. Bhatkar, D. C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proc. 12th USENIX Security Symposium, pages 105-120, 2003.
7. M. Chew and D. Song. Mitigating buffer overflows by operating system randomization. Technical Report CMU-CS 02-197, School of Computer Science, Carnegie Mellon University, 2002.
8. C. S. Collberg, C. Thomborson, and D. Low. Breaking abstractions and un structuring data structures. In Proc. 1998 International Conference on Computer Languages, pages 28-38. IEEE Computer Society Press, 1998.
9. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference and Expo (DISCEX), 2000.
10. S. Forrest, A. Somayaji, and D. H. Ackley. Building diverse computer systems. In Proc. 6th Workshop on Hot Topics in Operating Systems, pages 67-72. IEEE Computer Society Press, 1997.
11. S. Goldwasser and Y. T. Kalai. On the impossibility of obfuscation with auxiliary inputs. In Proc. 46th IEEE Symposium on the Foundations of Computer Science (FOCS'05), 2005.
12. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proc. USENIX Annual Technical Conference, pages 275-288, 2002.
13. G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proc. 10th ACM Conference on Computer and Communications Security (CCS'03), pages 272-280. ACM Press, 2003.
14. G. C. Necula, S. McPeak, and W. Weimer. CCured: Typesafe retrofitting of legacy code. In Proc. 29th Annual ACM Symposium on Principles of Programming Languages (POPL'02), pages 128-139. ACM Press, 2002.
15. P. Ørbaek and J. Palsberg. Trust in the λ-calculus. Journal of Functional Programming, 7(6):557-591, 1997.
16. J. Pincus and B. Baker. Beyond stack smashing: Recent advances in exploiting buffer overruns. IEEE Security and Privacy, 2(4):20-27, 2004.
17. R. Pucella and F. B. Schneider. Independence from obfuscation: A semantic framework for diversity. Technical Report 2006-2016, Computer Science Department, Cornell University, 2006.
18. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proc. 11th ACM Conference on Computer and Communications Security (CCS'04), pages 298-307. ACM Press, 2004.
19. A. N. Sovarel, D. Evans, and N. Paul. Where's the FEEB?: The effectiveness of instruction set randomization. In Proc. 14th USENIX Security Symposium, 2005.
20. M. N. Wegman and F. K. Zadeck. Constant propagation with conditional branches. ACM Transactions on Programming Languages and Systems, 13(2):181-210, 1991.
21. J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent runtime randomization for security. In Proc. 22nd International Symposium on Reliable Distributed Systems (SRDS'03), pages 260-269. IEEE Computer Society Press, 2003.