On the effectiveness of the metamorphic shield

ACM International Conference Proceeding Series

Volumn , Issue , 2010, Pages 170-174

  Nguyen Tuong, Anh ^a   Wang, Andrew ^a   Hiser, Jason D ^a   Knight, John C ^a   Davidson, Jack W ^a  

^a University of Virginia   (United States)

Author keywords

attack surface; dynamic diversity; security; temporal diversity; virtual machine

Indexed keywords

ARTIFICIAL DIVERSITY; ATTACK SURFACE; INSTRUCTION-SET RANDOMIZATION; SECURITY; TEMPORAL DIVERSITY; VIRTUAL MACHINES;

COMPUTER SIMULATION; SOFTWARE ARCHITECTURE; TECHNICAL PRESENTATIONS;

DYNAMICS;

EID: 78149393449     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1842752.1842788     Document Type: Conference Paper

References (12)

1. "Balls In Bins with Limited Capacity," http://www.mathpages. com/home/kmath337.htm
2. G. Barrantes, D. Ackley, S. Forrest, and D. Stefanovic, "Randomized Instruction Set Emulation," ACM Transactions on Information Systems Security (TISSEC), Vol 8, No 1 pp. 3-40 (2005).
3. D. J. Bernstein, "Cache-timing attacks on AES," http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
4. S. Bhatkar, R. Sekar and Daniel DuVarney, "Efficient Techniques for Comprehensive Protection from Memory Error Exploits," USENIX Security Symposium, Aug., 2005.
5. S. W. Boyd, G. S. Kc, M. E. Locasto, A. D. Keromytis and V. Prevelakis, "On the General Applicability of Instruction Set Randomization," IEEE Trans. On Dependable and Secure Computing, 07 Oct. 2008. IEEE computer Society Digital Library.
6. M. Van Gundy and H. Chen, "Noncespaces: Using randomization to enforce information flowtracking and thwart cross-site scripting attacks," Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 8-11, 2009
7. W. Hu, J. D. Hiser, D. Williams, A. Filipi, J. W. Davidson, D. Evans, J. C. Knight, A. Nguyen-Tuong and J. Rowanhill, "Secure and Practical Defense Against Code-injection Attacks Using Software Dynamic Translation," Second International Conference on Virtual Execution Environments. Ottawa, Canada, June 14-16, 2006.
8. G. S. Kc, A. D. Keromytis, and V. Prevelakis, "Countering code-injection attacks with instruction-set randomization," Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 272-280.
9. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu and Dan Boneh, "On the Effectiveness of Address-Space Randomization," Proc. CCS 2004, pp. 298-307, ACM Press.
10. N. Sovarel, N. Paul and D. Evans, "Where's the FEEB?: The Effectiveness of Instruction Set Randomization," USENIX Security 2005, August 2005.
11. R. Strackx, Y. Younan, P. Philippaerts, F. Piessens, S. Lachmund, and Thomas Walter, "Breaking the memory secrecy assumption," Proceedings of the Second European Workshop on System Security, Nuremburg, Germany, 2009.
12. D. Williams, W. Hu, J. W. Davidson, J. D. Hiser, J. C. Knight, A. Nguyen-Tuong, "Security through Diversity: Leveraging Virtual Machine Technology," IEEE Security and Privacy, vol. 7, no. 1, pp. 26-33, Jan./Feb. 2009.