Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants

by Benoit Baudry, Simon Allier and Martin Monperrus
Abstract: The predictability of program execution provides attackers a rich source of knowledge who can exploit it to spy or remotely control the program. Moving target defense ad- dresses this issue by constantly switching between many diverse variants of a program, which reduces the certainty that an attacker can have about the program execution. The ef- fectiveness of this approach relies on the availability of a large number of software variants that exhibit dierent ex- ecutions. However, current approaches rely on the natural diversity provided by o-the-shelf components, which is very limited. In this paper, we explore the automatic synthe- sis of large sets of program variants, called sosies. Sosies provide the same expected functionality as the original pro- gram, while exhibiting dierent executions. They are said to be computationally diverse. This work addresses two objectives: comparing dierent transformations for increasing the likelihood of sosie synthe- sis (densifying the search space for sosies); demonstrating computation diversity in synthesized sosies. We synthesized 30 184 sosies in total, for 9 large, real-world, open source ap- plications. For all these programs we identied one type of program analysis that systematically increases the density of sosies; we measured computation diversity for sosies of 3 programs and found diversity in method calls or data in more than 40% of sosies. This is a step towards controlled massive unpredictability of software.
 View PDF
Open-access (on archives-ouvertes.fr)
Publisher version (via DOI)
Citations: [citations]
Other publications of Martin Monperrus

Cite it:

Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants (, and ), In Proceedings of the International Symposium on Software Testing and Analysis, .
Benoit Baudry, Simon Allier and Martin Monperrus, "Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants", In Proceedings of the International Symposium on Software Testing and Analysis, San Jose, United States, pp. 149-159, 2014.

Bibtex Entry:

@inproceedings{Baudry14,
 title = {{Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants}},
 author = {Baudry, Benoit and Allier, Simon and Monperrus, Martin},
 url = {https://hal.archives-ouvertes.fr/hal-00938855/file/sosies.pdf},
 booktitle = {{Proceedings of the International Symposium on Software Testing and Analysis}},
 pages = {149-159},
 year = {2014},
 doi = {10.1145/2610384.2610415},
}
Powered by bibtexbrowser
Tagged as: