We have been investigating compiler-generated software diversity as a defense mechanism against cyber attacks. This approach is in many ways similar to biodiversity in nature.
Imagine an “App Store” containing a diversification engine (a “multicompiler”) that automatically generates a unique version of every program for every user. All the different versions of the same program behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, any specific attack will succeed only on a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them.
Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets.
We have built such a multicompiler, which is now available as a prototype. We can diversify large software distributions such as the Firefox and Chromium web browsers or a complete Linux distribution. I will present some preliminary benchmarks and will also address some practical issues, such as the problem of reporting errors when every binary is unique and the updating of diversified software.
Speaker Biography
Prof. Michael Franz was an early pioneer in the areas of mobile code and dynamic compilation. He created an early just-in-time compilation system, contributed to the theory and practice of continuous compilation and optimization, and co-invented the trace compilation technology that eventually became the JavaScript engine in Mozilla’s Firefox browser. His current research emphases lie in the areas of Systems Software, particularly focusing on compilers and virtual machines, in Trustworthy Computing, with a focus on biologically-inspired defenses such as automated code diversity and on information-flow, and in Software Engineering, with an emphasis on software architecture for secure systems and on reducing the trusted code base. Dr. Franz is the Principal Investigator on many competitive grants from the federal government, totaling well over $11M (of which more than $7M as sole PI), and has received well over half a million dollars in unrestricted gifts from industry in appreciation of the research innovations he has contributed. Franz received a Dr. sc. techn. degree in Computer Science (advisor: Niklaus Wirth) and a Dipl. Informatik-Ing. ETH degree, both from the Swiss Federal Institute of Technology, ETH Zurich. He is a Distinguished Scientist of the Association for Computing Machinery (ACM) and a Senior Member of The Institute of Electrical and Electronics Engineers (IEEE).