Comet Calendar Event Details

Software Immunity via Large-Scale Diversification
Monday, Jan 14, 2013
2:30 p.m. - 3:30 p.m. Location: ECSS 2.102

Dr. Michael Franz
 Professor of Computer Science

 UCI's Donald Bren School of Information and Computer Sciences

 

Abstract

 

We have been investigating compiler-generated software diversity as a defense mechanism against software attacks. Imagine an "App Store" containing a diversification engine (a "multicompiler") that automatically generates a unique version of every program for every user. All the different versions of the same program behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, any specific attack will succeed only on a small fraction of targets. An attacker would require a large number of different attacks and would have no way of knowing a priori which specific attack will succeed on which specific target. Equally importantly, this approach makes it much more difficult for an attacker to generate attack vectors by way of reverse engineering of security patches.

 

We have built such a multicompiler which is now available as a prototype. We can diversify large software distributions such as the Chromium web browser or a complete Linux distribution. I will present some preliminary benchmarks and will also address some practical issues such as the problem of reporting errors when every binary is unique, and updating of diversified software.

 

Biography

 

Professor Michael Franz is a Professor of Computer Science in UCI's Donald Bren School of Information and Computer Sciences, a Professor of Electrical Engineering and Computer Science (by courtesy) in UCI's Henry Samueli School of Engineering, and the director of UCI’s Secure Systems and Software Laboratory. He received the Dr. sc. techn. (advisor: Niklaus Wirth) and the Dipl. Informatik-Ing. ETH degrees from ETH Zurich, the Swiss Federal Institute of Technology.

Contact Info:
Rhonda Walls,
Questions? Email me.

Tagged as Lectures/Seminars
See more events from Engineering and Computer Science
View other events on the Comet Calendar