Evaluating Software Diversity Based on Gadget Feature Analysis | |
---|---|
Author | |
Abstract |
Information Reuse and Security - Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity. |
Year of Publication |
2022
|
Date Published |
dec
|
DOI |
10.1109/ICCC56324.2022.10065871
|
Google Scholar | BibTeX | DOI |