dsrand

Differences

This shows you the differences between two versions of the page.

dsrand [2009/07/16 14:31]
ryan
dsrand [2009/07/17 14:38]
Line 1: Line 1:
-====== Polymorphing Software By Randomizing Data Structure Layout ====== 
  
-===== Abstract ===== 
-This paper introduces a new software polymorphism technique that randomizes program data structure layout. This technique will generate different data structure layouts for a program and thus diversify the binary code compiled from the same program source code. This technique can mitigate attacks (e.g., kernel rootkit attacks) that require knowledge about data structure definitions. It is also able to disrupt the generation of data structure-based program signatures. We have implemented our data structure layout randomization technique in the open source compiler collection gcc-4.2.4 and applied it to a number of programs. Our evaluation results show that our technique is able to achieve software binary diversity. We also apply the technique to one operating system data structure in order to foil a number of kernel rootkit attacks. Meanwhile, programs produced by the technique were analyzed by a state-of-the-art data structure inference system and it was demonstrated that reliance on data structure signatures alone may lead to false negatives in malware detection. ​ 
- 
-===== Publications ===== 
-  * [[http://​friends.cs.purdue.edu/​pubs/​DIMVA09.pdf|"​Polymorphing Software By Randomizing Data Structure Layout."​]] ​ Zhiqiang Lin, Ryan D. Riley and Dongyan Xu.  Proceedings of SIG SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2009), Milan, Italy, July 2009 
- 
-===== Source Code ===== 
-The source code is licensed under GPL and now available. Please download this {{:​dslr.tar.gz|tarball}} which contains the gcc-4.2.4-patch,​ the readme file, and a small test case to illustrate how to use it. If you have any questions, please us me know. 
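Review bot: every line of the page is removed here (title, Abstract, Publications and Source Code) and no lines are added in their place, so this revision drops the DIMVA 2009 publication entry and the link to the dslr.tar.gz tarball with the gcc-4.2.4 patch. If the content has moved, leave a short pointer to the new location rather than an empty page. Should the text be restored, the last sentence of the Source Code section reads "please us me know", which looks like a typo for "please let me know".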
dsrand.txt · Last modified: 2009/07/17 14:38 (external edit)