Visible to the public Automatically Validating the Effectiveness of Software Diversity Schemes

TitleAutomatically Validating the Effectiveness of Software Diversity Schemes
Publication TypeConference Paper
Year of Publication2019
AuthorsKelly, Daniel M., Wellons, Christopher C., Coffman, Joel, Gearhart, Andrew S.
Conference Name2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S)
Date Publishedjun
Keywordscomparative evaluation, compiler security, compilers, compositionality, computer security, cybersecurity, DARPA Cyber Grand Challenge environment, diversifying compiler, diversity strategies, diversity techniques, evaluation, exploit mitigation, Measurement, Metrics, program compilers, Program processors, pubcrawl, Resiliency, Scalability, scant attention, security of data, Semantics, software diversity, software diversity schemes, software protection, vulnerabilities
AbstractSoftware diversity promises to invert the current balance of power in cybersecurity by preventing exploit reuse. Nevertheless, the comparative evaluation of diversity techniques has received scant attention. In ongoing work, we use the DARPA Cyber Grand Challenge (CGC) environment to assess the effectiveness of diversifying compilers in mitigating exploits. Our approach provides a quantitative comparison of diversity strategies and demonstrates wide variation in their effectiveness.
Citation Keykelly_automatically_2019