Frankencode: Creating Diverse Programs Using Code Clones

Frankencode: Creating Diverse Programs Using Code Clones
Abstract

In this paper, we present an approach to detecting novel cyber attacks though a form of program diversification, similar to the use of n-version programming for fault tolerant systems. Building on extensive previous and ongoing work by others on the use of code clones in a wide variety of areas, our Functionally Equivalent Variants using Information Synchronization (FEVIS) system automatically generates program variants to be run in parallel, seeking to detect attacks through divergence in behavior. Unlike approaches to diversification that only change program memory layout and behavior, FEVIS can detect attacks exploiting vulnerabilities in execution timing, string processing, and other logic errors.

We are in the early stages of research and development for this approach, but have made sufficient progress to provide a proof of concept and some lessons learned. In this paper we describe FEVIS and its application to diversifying an open-source webserver, with results on several different example classes of attack which FEVIS will detect.

Authors
Haley Borck Mark Boddy, Ph.D. Ian De Silva Stephen Harp Ken Hoyme Steve Johnston August Schwerdfeger Mary Southern
Year of Publication
2016
Source
2016 IEEE 23nd International Conference on Software Analysis, Evolution and Reengineering (SANER)