Advanced search options

Advanced Search Options 🞨

Browse by author name (“Author name starts with…”).

Find ETDs with:

in
/  
in
/  
in
/  
in

Written in Published in Earliest date Latest date

Sorted by

Results per page:

You searched for subject:(Software Defenses). One record found.

Search Limiters

Last 2 Years | English Only

No search limiters apply to these results.

▼ Search Limiters


University of California – Irvine

1. Crane, Stephen. Enhancing and Extending Software Diversity.

Degree: Computer Science, 2015, University of California – Irvine

Software immunity through diversity is a promising research direction. Address Space Layout Randomization has been widely deployed to defend against code-reuse attacks and significantly raises the bar for attackers. However, automated software diversity is still exploitable by adroit and adaptable adversaries. Using powerful memory disclosure attacks, offensive researchers have demonstrated weaknesses in conventional randomization techniques. In addition, current defenses are largely passive and allow attackers to continuously brute-force randomized defenses with little impediment. Building on the foundation of automated software diversity, we propose novel techniques to strengthen the security and broaden the impact of code randomization. We first discuss software booby traps, a new active defense technique enabled by randomized program contents. We then propose, implement, and evaluate a comprehensive randomization-based system, Readactor++, which is resilient to all types of memory disclosure attacks. Readactor++ enforces execute-only memory protections on commodity x86 processors, thus preventing direct disclosure of randomized code. We also identify the indirect disclosure attack, a new class of code leakage via data disclosure, and mitigate this attack as well. By integrating booby traps into our system, we protect against brute-force memory disclosure attempts. In our evaluation we find that Readactor++ compares favorably to other memory-disclosure resilient code-reuse defenses and that it scales effectively to complex, real-world software. Finally, we propose a novel extension of code randomization to mitigate side-channel rather than code-reuse attacks. Using control-flow diversity, a novel control-flow transformation, we introduce dynamic behavior into program side effects with fast, static code. As an example, we apply this technique to mitigate an AES cache side-channel attack. With our techniques, software diversity can now be efficiently secured against advanced attacks, including memory disclosure and function table reuse, and is adaptable to combat new classes of threats, such as side-channel attacks.

Subjects/Keywords: Computer science; Code-reuse Attacks; Computer Security; Side-channel Attacks; Software Defenses; Software Diversity

Record DetailsSimilar RecordsGoogle PlusoneFacebookTwitterCiteULikeMendeleyreddit

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6th Edition):

Crane, S. (2015). Enhancing and Extending Software Diversity. (Thesis). University of California – Irvine. Retrieved from http://www.escholarship.org/uc/item/45w3n70k

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16th Edition):

Crane, Stephen. “Enhancing and Extending Software Diversity.” 2015. Thesis, University of California – Irvine. Accessed March 02, 2021. http://www.escholarship.org/uc/item/45w3n70k.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7th Edition):

Crane, Stephen. “Enhancing and Extending Software Diversity.” 2015. Web. 02 Mar 2021.

Vancouver:

Crane S. Enhancing and Extending Software Diversity. [Internet] [Thesis]. University of California – Irvine; 2015. [cited 2021 Mar 02]. Available from: http://www.escholarship.org/uc/item/45w3n70k.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Crane S. Enhancing and Extending Software Diversity. [Thesis]. University of California – Irvine; 2015. Available from: http://www.escholarship.org/uc/item/45w3n70k

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

.