Stealing Secrets and Secretless Security Structures

David Evans
Harvard University Electrical Engineering and Computer Science
27 June 2005


The current computing monoculture leaves our infrastructure vulnerable to a massive, rapid attack. One technique that has been proposed to mitigate this threat is to artificially increase software diversity by transforming programs to produce diverse executables. These techniques depend on keeping a key used to control the transformation secret from potential attackers.

The first part of this talk considers the effectiveness of one proposed diversification technique, instruction set randomization (ISR). ISR defuses all standard code injection attacks by hiding the instruction set of the target machine from the attacker. A motivated attacker may be able to circumvent ISR by determining the randomization key. I will describe a remote attack for determining an ISR key using an incremental guessing strategy and present a method for injecting a worm in an ISR-protected network. The attack is plausible under realistic conditions and can infect an ISR-protected server in under 6 minutes.

In the second part of the talk, I will introduce the N-variant systems framework that uses artificial diversity to enhance security. Unlike previous approaches such as ISR, it does not rely on keeping any secrets. Instead, the framework requires an attacker to compromise one of the system variants without producing detectable behavior on another system variant processing the same input. By constructing variants with disjoint exploitation sets, we can make it impossible to successfully carry out large classes of important attacks. In this talk, I will describe our framework and a prototype implementation, identify some useful variations, and introduce a model for analyzing security properties of N-variant systems.

Note: This talk includes joint work with Ben Cox, Jack Davidson, Adrian Filipi, John Knight, Anh Nguyen-Tuong, Nathanael Paul, Jonathan Rowanhill, and Nora Sovarel. Details on our ISR cryptanalysis are available in the upcoming USENIX Security 2005 paper ( "Where's the FEEB?: The Effectiveness of Instruction Set Randomization", Nora Sovarel, David Evans and Nathanael Paul.

Slides: [PPT, 4.8 MB, 48 slides]

Paper: [PDF, 16 pages] [HTML]
Genesis Project