Go to IPCCC 2007 homepageDiversified Process Replicæ for Defeating Memory Error Exploits
Abstract: An interpretation of the notion of software diversity is based on the concept of diversified process replicæ. We define pr as the replica of a process p which behaves identically to p but has some "structural" diversity from it. This makes possible to detect memory corruption attacks in a deterministic way. In our solution, p and pr differ in their address space which is properly diversified, thus defeating absolute and partial overwriting memory error exploits. We also give a characterization and a preliminary solution for shared memory management, one of the biggest practical issue introduced by this approach. Speculation on how to deal with synchronous signals delivery is faced as well. A user space proof-of-concept prototype has been implemented. Experimental results show a 68.93% throughput slowdown on a worst-case, while experiencing only a 1.20% slowdown on a best-case.
0 Replies
Loading