Discussion Questions
- What security problems does the Forrest paper address? What problems does it not address?
- How plausible/realistic is the model in Mansourzadeh's paper?
- To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?
Notes
Lecture 10
----------
- areas of interest are all graded
- please read feedback and follow up as necessary
- message on Teams, we can have a call if necessary
What is the basic approach to diversity taken by the Forrest paper?
- the program source code is a "spec" <-- how it SHOULD behave
- vary how it is translated into an executing program (as source doesn't specify this precisely)
- memory layout, instruction set, function/system call names and more could vary
So with this approach, what is not diverse?
- the source code!
If the source code is always the same, what kinds of security vulnerabilities CANNOT be addressed with Forrest's approach?
- algorithmic weaknesses (e.g. cryptography)
- higher-level code injection attacks will still work (e.g., SQL injection)
- authentication bypass because of insufficient checks
In fact, most security vulnerabilities won't be impacted by changing how the code is translated
It can really only stop attacks based on machine code injection & timing attacks (MAYBE)
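Added example (not from the lecture or from either paper): a toy model of the point above, where one shared source is "translated" into many variants that differ only in memory layout. The function names, the credential store, the number of load addresses and the authentication flaw are all constructed assumptions.

```python
import random

FUNCS = ["parse_request", "check_auth", "grant_admin", "log_event"]  # hypothetical names
USERS = {"alice": "s3cret"}  # constructed sample credential store
SLOTS = 2 ** 16              # assumed number of possible load addresses

def build_variant(seed):
    """'Translate' the one shared source into a variant with its own layout."""
    rng = random.Random(seed)
    return dict(zip(FUNCS, rng.sample(range(SLOTS), len(FUNCS))))

def check_auth(user, password, users=USERS):
    # Source-level flaw (constructed): an unknown user looks up as None, and a
    # request with no password field also carries None, so the two compare equal.
    return users.get(user) == password

def injected_jump_lands(layout, hardcoded_addr):
    """Machine-level attack: only works if the hardcoded address is right."""
    return layout["grant_admin"] == hardcoded_addr

def logic_bypass_works(layout):
    """Source-level attack: the layout argument is never consulted."""
    return check_auth("no-such-user", None)

def survey(n_variants=100):
    variants = [build_variant(s) for s in range(n_variants)]
    # The address was learned from variant 0 and reused against every variant.
    addr = variants[0]["grant_admin"]
    return {
        "variants": n_variants,
        "jump_hits": sum(injected_jump_lands(v, addr) for v in variants),
        "bypass_hits": sum(logic_bypass_works(v) for v in variants),
    }

if __name__ == "__main__":
    print(survey())
```

The hardcoded jump lands on the variant it was studied on and almost nowhere else, while the insufficient check succeeds on every variant because it lives in the source they all share.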
What is the difference between diversity and randomization?
randomization
- uniform selection from a set of possibilities
- always has to be limited as random programs don't do anything
- in practice, can only randomize what isn't functionally important
diversity is always about functional diversity
- variations that make the system behave differently
- but can "fit" into its role
diversity is always relative, never absolute
To understand diversity, we have to understand the problem it addresses
What is an attack search space?