TY - GEN
T1 - Double helix and RAVEN
T2 - 11th Annual Cyber and Information Security Research Conference, CISRC 2016
AU - Co, Michele
AU - Davidson, Jack W.
AU - Hiser, Jason D.
AU - Knight, John C.
AU - Nguyen-Tuong, Anh
AU - Weimer, Westley
AU - Burket, Jonathan
AU - Frazier, Gregory L.
AU - Frazier, Tiffany M.
AU - Dutertre, Bruno
AU - Mason, Ian
AU - Shankar, Natarajan
AU - Forrest, Stephanie
PY - 2016/4/5
Y1 - 2016/4/5
N2 - Cyber security research has produced numerous artificial diversity techniques such as address space layout randomization, heap randomization, instruction-set randomization, and instruction location randomization. To be most effective, these techniques must be high entropy and secure from information leakage which, in practice, is often difficult to achieve. Indeed, it has been demonstrated that well-funded, determined adversaries can often circumvent these defenses. To allow use of low-entropy diversity, prevent information leakage, and provide provable security against attacks, previous research proposed using low-entropy but carefully structured artificial diversity to create variants of an application and then run these constructed variants within a fault-tolerant environment that runs each variant in parallel and cross-checks results to detect and mitigate faults. If the variants are carefully constructed, it is possible to prove that certain classes of attack are not possible. This paper presents an overview and status of a cyber fault tolerant system that uses a low overhead multi-variant execution environment and precise static binary analysis and efficient writing technology to produce structured variants which allow automated verification techniques to prove security properties of the system. Preliminary results are presented which demonstrate that the system is capable of detecting unknown faults and mitigating attacks.
AB - Cyber security research has produced numerous artificial diversity techniques such as address space layout randomization, heap randomization, instruction-set randomization, and instruction location randomization. To be most effective, these techniques must be high entropy and secure from information leakage which, in practice, is often difficult to achieve. Indeed, it has been demonstrated that well-funded, determined adversaries can often circumvent these defenses. To allow use of low-entropy diversity, prevent information leakage, and provide provable security against attacks, previous research proposed using low-entropy but carefully structured artificial diversity to create variants of an application and then run these constructed variants within a fault-tolerant environment that runs each variant in parallel and cross-checks results to detect and mitigate faults. If the variants are carefully constructed, it is possible to prove that certain classes of attack are not possible. This paper presents an overview and status of a cyber fault tolerant system that uses a low overhead multi-variant execution environment and precise static binary analysis and efficient writing technology to produce structured variants which allow automated verification techniques to prove security properties of the system. Preliminary results are presented which demonstrate that the system is capable of detecting unknown faults and mitigating attacks.
UR - http://www.scopus.com/inward/record.url?scp=84968677677&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84968677677&partnerID=8YFLogxK
U2 - 10.1145/2897795.2897805
DO - 10.1145/2897795.2897805
M3 - Conference contribution
AN - SCOPUS:84968677677
T3 - Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016
BT - Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016
PB - Association for Computing Machinery, Inc
Y2 - 5 April 2016 through 7 April 2016
ER -