Search Based Clustering for Protecting Software with Diversified Updates


Author(s): Ceccato, Mariano; Falcarin, Paolo; Cabutto, Alessandro; Frezghi, Yosief Weldezghi; Staicu, Cristian-Alexandru
Contributor(s)

Sarro, Federica

Deb, Kalyanmoy

Date(s)

24/09/2016

Abstract

Reverse engineering is usually the stepping stone of a variety of attacks aiming at identifying sensitive information (keys, credentials, data, algorithms) or vulnerabilities and flaws for broader exploitation. Software applications are usually deployed as identical binary code installed on millions of computers, enabling an adversary to develop a generic reverse-engineering strategy that, if working on one code instance, could be applied to crack all the other instances. A solution to mitigate this problem is represented by Software Diversity, which aims at creating several structurally different (but functionally equivalent) binary code versions out of the same source code, so that even if a successful attack can be elaborated for one version, it should not work on a diversified version. In this paper, we address the problem of maximizing software diversity from a search-based optimization point of view. The program to protect is subject to a catalogue of transformations to generate many candidate versions. The problem of selecting the subset of most diversified versions to be deployed is formulated as an optimisation problem, that we tackle with different search heuristics. We show the applicability of this approach on some popular Android apps.

Format

text

Identifier

http://roar.uel.ac.uk/5275/1/ceccato-falcarin-SSBSE-2016-camera-ready-main.pdf

Ceccato, Mariano and Falcarin, Paolo and Cabutto, Alessandro and Frezghi, Yosief Weldezghi and Staicu, Cristian-Alexandru (2016) ‘Search Based Clustering for Protecting Software with Diversified Updates’, in Sarro, Federica and Deb, Kalyanmoy (eds.) Search Based Software Engineering. 8th International Symposium, SSBSE 2016. Raleigh, NC, USA, October 8-10, 2016. Springer, pp. 159-175. (Lecture Notes in Computer Science, 9962).

Publisher

Springer

Relation

http://dx.doi.org/10.1007/978-3-319-47106-8_11

http://roar.uel.ac.uk/5275/

Type

Book Section

PeerReviewed