operating system protection through program evolution.pptVIP

Operating System Protection Through Program Evolution By Dr. Frederick B. Cohen Presented by William Lu The Ultimate Attack How to defeat defensive measures of a system? The Ultimate Defense How to defend against attackers The Ultimate Defense Current operating systems Space is enormous (all programs that fit in memory) High probability subspace (very small number of versions) No confusion The Ultimate Defense How to increase operating system defenses? The Ultimate Defense More practical solution? (some) Techniques for Program Evolution Equivalent instruction sequences Instruction reordering Variable substitution Equivalent Instruction Sequences What does it do? Instruction Reordering What does it do? Instruction Reordering Variable Substitution What does it do? What to do with these (and other) techniques? Providing Evolution in Defenses How to evolve? Providing Evolution in Defenses When to evolve? Providing Evolution in Defenses When to evolve? After installation? Attacks on Program Evolution Points of Attack Tracing Attack Point of Attack How? Tracing Attacks How? Conclusion Program evolution can increase the complexity for an attacker Create a large search space to make attacks infeasible Need more study to reach maturity * * Gain physical access to the system Reverse engineer defenses Find weak link and exploit Make attacks extremely complex Make costs too high to be worth attacking i.e. passwords Large space Spread out probability density (diffusion) Obscuring stored information (confusion) Reducing coherence How? Unique defense for each system Feasibility? Too many unique defenses to design Compromise? Implement a fixed number of defenses Evolutionary defenses Goal? Produce a large search space Provide confusion Provide diffusion Replaces instruction sequences with equivalent sequences i.e. add 17 is equivalent to add 20 and subtract 3 How does it help defend against attacks? Potentially infinite evolutions Creates enormous possible executions