| Title | Evaluating Software Diversity Based on Gadget Feature Analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2022 |
| Authors | Xie, Genlin, Cheng, Guozhen, Liang, Hao, Wang, Qingfeng, He, Benwei |
| Conference Name | 2022 IEEE 8th International Conference on Computer and Communications (ICCC) |
| Date Published | dec |
| Keywords | code reuse attack, codes, composability, compositionality, Diversity methods, gadget feature, Gain measurement, Information Reuse, JavaScript engine, Programming, pubcrawl, resilience, Resiliency, security, security gain, Software, software diversity, Software measurement |
| Abstract | Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity. |
| DOI | 10.1109/ICCC56324.2022.10065871 |
| Citation Key | xie_evaluating_2022 |
Evaluating Software Diversity Based on Gadget Feature Analysis