International audienceThe predictability of program execution provides attackers a rich source of knowledge who can exploit it to spy or remotely control the program. Moving target defense addresses this issue by constantly switching between many diverse variants of a program, which reduces the certainty that an attacker can have about the program execution. The effectiveness of this approach relies on the availability of a large number of software variants that exhibit different executions. However, current approaches rely on the natural diversity provided by off-the-shelf components, which is very limited. In this paper, we explore the automatic synthesis of large sets of program variants, called sosies. Sosies provide the same expected f...
Part 3: Attacks to Software and Network SystemsInternational audienceWe present a generic framework ...
We developed a reverse engineering technique, named Variant Analysis, aimed for recovering and visua...
Reverse engineering is usually the stepping stone of a variety of attacks aiming at identifying sens...
International audienceThe predictability of program execution provides attackers a rich source of kn...
The predictability of program execution provides attackers a rich source of knowledge who can exploi...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
11 pages, 4 figures, 8 listings, conferenceA few works address the challenge of automating software ...
Abstract—The software monoculture favors attackers over defenders, since it makes all target environ...
Abstract—We explore software diversity as a defense against side-channel attacks by dynamically and ...
Context Software diversity, self-modification, and obfuscation have many applications in software se...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
We present an architectural framework for systematically using automated diversity to provide high a...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Hardening avionics systems against cyber attack is difficult and expensive. Attackers benefit from a...
Part 3: Attacks to Software and Network SystemsInternational audienceWe present a generic framework ...
We developed a reverse engineering technique, named Variant Analysis, aimed for recovering and visua...
Reverse engineering is usually the stepping stone of a variety of attacks aiming at identifying sens...
International audienceThe predictability of program execution provides attackers a rich source of kn...
The predictability of program execution provides attackers a rich source of knowledge who can exploi...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
11 pages, 4 figures, 8 listings, conferenceA few works address the challenge of automating software ...
Abstract—The software monoculture favors attackers over defenders, since it makes all target environ...
Abstract—We explore software diversity as a defense against side-channel attacks by dynamically and ...
Context Software diversity, self-modification, and obfuscation have many applications in software se...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
We present an architectural framework for systematically using automated diversity to provide high a...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Hardening avionics systems against cyber attack is difficult and expensive. Attackers benefit from a...
Part 3: Attacks to Software and Network SystemsInternational audienceWe present a generic framework ...
We developed a reverse engineering technique, named Variant Analysis, aimed for recovering and visua...
Reverse engineering is usually the stepping stone of a variety of attacks aiming at identifying sens...