网络与信息安全学报 (Jun 2023)
Software diversity evaluating method based on gadget feature analysis
Abstract
Software diversity is commonly utilized in scenarios such as software distribution and operating systems to improves system resilience and security.However, existing software diversity evaluation methods are typically based on conventional code features and are relatively limited in scope, which can make it difficult to accurately reflect the security benefits of software diversity.To address this issue, a software diversity evaluation method was proposed from the perspective of ROP attack by analyzing the impact of software diversity on the difficulty of building a gadget attack chain, the attacker’s potentially available computing power, and the attacker’s cost of searching for gadgets in different variants.Metrics for the quality, practicability, and distribution of gadgets were integrated into this method.Testing was conducted using diversity technologies with different granularity.The evaluation results showed that the proposed method could accurately and comprehensively reflect the security gain brought by software diversity.It was observed that software diversity could relocate/modify/delete a large number of gadgets in the software, increasing the cost of attacking different software variants but also leading to different degrees of software expansion.Finally, an analysis and discussion of the advantages and disadvantages of existing diversity techniques were conducted based on the experimental results.
Keywords