Reverse Engineering Based Software Diversification for Cyber Fault Tolerance

Project: Research project

Project Details

Description

Short work statementThe proposed research will investigate reverse engineering-based software diversification and transformation methods for defending against widespread cyber threats. The project will develop an iterative and composable diversification platform that can be used to automatically add software diversity to binary executables. The proposed research willdeliver a set of new unique capabilities including:(ia) n infrastructure suitable for retrofitting legacy software without the need for source code (iia) set of composable software diversification transformations for the purposes of cyber-fault tolerance (iiia) set of advanced obfuscation techniques that can help protect critical software componentsObjectiveThe PI proposes to protect legacy software from existing and yet-to-be-discovered vulnerabilities by iterativelytransforming binary executables with a variety of composable software diversification mechanisms. By enabling the iterative application of diversification approaches, the platform will be able to amplify small and basic diversification steps to create increasingly protected legacy software with minimal overhead of binary size and execution.ApproachThe approach utilized in the proposed research builds upon the concept of reassembleable disassembly. As binary software is lifted up to increasingly abstract stages (assembly, intermediate representations, source code), the lifting methods ensure that each version is readily and automatically recompiled or reassembled. The PI previously developed a tool to accomplish this called Uroboros. Experiments with the tool showed that the entire set of GNU coreutils binaries could be disassembled and reassembled over a thousand times automatically without human intervention and with only negligible introduction of size and performance overhead. A variety of diversification methods packaged together as Amoeba will be integrated into an iterative and composable platform known as Chamelon. The approach taken by this research produces effectively diversified (no usable gadgets left for ROP) software with negligible overhead.Overall meritsOur computer systems are highly homogeneous in terms of hardware and software configurations across various installations. This homogeneity has resulted in asymmetric advantage in favor of cyber attackers since an attack written once will immediately work on all systems running that same hardware and software. Diversifying and locally customizing software executables will significantly reduce the attacker~s advantage. The proposed reverse engineering and diversification technology can help augment legacy software systems with modern security mechanisms.ONR mission relevanceThe research represents an important part of the overall approach to protecting real-time embedded control systems. Effective and straightforward low-level software diversification is critical to protecting the vast deployment of legacy control applications. Currently, diversification work is not iterative and composable and makes use of run-time calculated wrappers around jumps that still allow attackers to find randomization-resilient gadgets for use in codereuse attacks. The capabilities proposed in this research will enable control system engineers to more efficiently and effectively implement diversity for cyber-attack fault tolerance applications and is critical to the future security of naval ICS and HM&E platforms.

StatusActive
Effective start/end date9/1/16 → …

Funding

  • U.S. Navy: $509,378.00

Fingerprint

Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.