Software diversity evaluating method based on gadget feature analysis
Software diversity is commonly utilized in scenarios such as software distribution and operating systems to improves system resilience and security.However, existing software diversity evaluation methods are typically based on conventional code features and are relatively limited in scope, which can...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-06-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023047 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529629983113216 |
|---|---|
| author | Genlin XIE Guozhen CHENG Yawen WANG Qingfeng WANG |
| author_facet | Genlin XIE Guozhen CHENG Yawen WANG Qingfeng WANG |
| author_sort | Genlin XIE |
| collection | DOAJ |
| description | Software diversity is commonly utilized in scenarios such as software distribution and operating systems to improves system resilience and security.However, existing software diversity evaluation methods are typically based on conventional code features and are relatively limited in scope, which can make it difficult to accurately reflect the security benefits of software diversity.To address this issue, a software diversity evaluation method was proposed from the perspective of ROP attack by analyzing the impact of software diversity on the difficulty of building a gadget attack chain, the attacker’s potentially available computing power, and the attacker’s cost of searching for gadgets in different variants.Metrics for the quality, practicability, and distribution of gadgets were integrated into this method.Testing was conducted using diversity technologies with different granularity.The evaluation results showed that the proposed method could accurately and comprehensively reflect the security gain brought by software diversity.It was observed that software diversity could relocate/modify/delete a large number of gadgets in the software, increasing the cost of attacking different software variants but also leading to different degrees of software expansion.Finally, an analysis and discussion of the advantages and disadvantages of existing diversity techniques were conducted based on the experimental results. |
| format | Article |
| id | doaj-art-9881f0bc98254dd1bdbc12caaecb2d0d |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-06-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-9881f0bc98254dd1bdbc12caaecb2d0d2025-01-15T03:16:40ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-06-01916117359578795Software diversity evaluating method based on gadget feature analysisGenlin XIEGuozhen CHENGYawen WANGQingfeng WANGSoftware diversity is commonly utilized in scenarios such as software distribution and operating systems to improves system resilience and security.However, existing software diversity evaluation methods are typically based on conventional code features and are relatively limited in scope, which can make it difficult to accurately reflect the security benefits of software diversity.To address this issue, a software diversity evaluation method was proposed from the perspective of ROP attack by analyzing the impact of software diversity on the difficulty of building a gadget attack chain, the attacker’s potentially available computing power, and the attacker’s cost of searching for gadgets in different variants.Metrics for the quality, practicability, and distribution of gadgets were integrated into this method.Testing was conducted using diversity technologies with different granularity.The evaluation results showed that the proposed method could accurately and comprehensively reflect the security gain brought by software diversity.It was observed that software diversity could relocate/modify/delete a large number of gadgets in the software, increasing the cost of attacking different software variants but also leading to different degrees of software expansion.Finally, an analysis and discussion of the advantages and disadvantages of existing diversity techniques were conducted based on the experimental results.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023047software diversitycode reuse attackgadget featuresecurity gain |
| spellingShingle | Genlin XIE Guozhen CHENG Yawen WANG Qingfeng WANG Software diversity evaluating method based on gadget feature analysis 网络与信息安全学报 software diversity code reuse attack gadget feature security gain |
| title | Software diversity evaluating method based on gadget feature analysis |
| title_full | Software diversity evaluating method based on gadget feature analysis |
| title_fullStr | Software diversity evaluating method based on gadget feature analysis |
| title_full_unstemmed | Software diversity evaluating method based on gadget feature analysis |
| title_short | Software diversity evaluating method based on gadget feature analysis |
| title_sort | software diversity evaluating method based on gadget feature analysis |
| topic | software diversity code reuse attack gadget feature security gain |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023047 |
| work_keys_str_mv | AT genlinxie softwarediversityevaluatingmethodbasedongadgetfeatureanalysis AT guozhencheng softwarediversityevaluatingmethodbasedongadgetfeatureanalysis AT yawenwang softwarediversityevaluatingmethodbasedongadgetfeatureanalysis AT qingfengwang softwarediversityevaluatingmethodbasedongadgetfeatureanalysis |