| Title | Automatically Validating the Effectiveness of Software Diversity Schemes |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Kelly, Daniel M., Wellons, Christopher C., Coffman, Joel, Gearhart, Andrew S. |
| Conference Name | 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S) |
| Date Published | jun |
| Keywords | comparative evaluation, compiler security, compilers, compositionality, computer security, cybersecurity, DARPA Cyber Grand Challenge environment, diversifying compiler, diversity strategies, diversity techniques, evaluation, exploit mitigation, Measurement, Metrics, program compilers, Program processors, pubcrawl, Resiliency, Scalability, scant attention, security of data, Semantics, software diversity, software diversity schemes, software protection, vulnerabilities |
| Abstract | Software diversity promises to invert the current balance of power in cybersecurity by preventing exploit reuse. Nevertheless, the comparative evaluation of diversity techniques has received scant attention. In ongoing work, we use the DARPA Cyber Grand Challenge (CGC) environment to assess the effectiveness of diversifying compilers in mitigating exploits. Our approach provides a quantitative comparison of diversity strategies and demonstrates wide variation in their effectiveness. |
| DOI | 10.1109/DSN-S.2019.00006 |
| Citation Key | kelly_automatically_2019 |
Automatically Validating the Effectiveness of Software Diversity Schemes