A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense

Sultan Aldossary; William Allen; Shengzhi Zhang

doi:10.1109/CSCI.2017.338

A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense

Sultan Aldossary, William Allen, Shengzhi Zhang

Computer Engineering

Florida Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The address space randomization technique was proposed to make determining the address of a shared library more difficult since each instance of the program is loaded into a random base address. However, when address space randomization layout (ASLR) is implemented on a 32-bit system, an attacker can use a brute force attack to guess the address of the shared library. The main goal of the research described in this paper is to study the use of a dispatching algorithm and multiple back-end servers as a moving target defense technique to mitigate ASLR weaknesses. First, we present a brute force attack when the number of servers is known. Second, we present a brute force attack when the number of servers is unknown. Last, we present the probability of the attacker's success on both of the attacks.

Original language	English
Title of host publication	Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017
Editors	Fernando G. Tinetti, Quoc-Nam Tran, Leonidas Deligiannidis, Mary Qu Yang, Mary Qu Yang, Hamid R. Arabnia
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	61-67
Number of pages	7
ISBN (Electronic)	9781538626528
DOIs	https://doi.org/10.1109/CSCI.2017.338
State	Published - 4 Dec 2018
Event	2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017 - Las Vegas, United States Duration: 14 Dec 2017 → 16 Dec 2017

Publication series

Name	Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017

Conference

Conference	2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017
Country/Territory	United States
City	Las Vegas
Period	14/12/17 → 16/12/17

Keywords

Buffer overflow attack

Access to Document

10.1109/CSCI.2017.338

Cite this

Aldossary, S., Allen, W., & Zhang, S. (2018). A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense. In F. G. Tinetti, Q.-N. Tran, L. Deligiannidis, M. Q. Yang, M. Q. Yang, & H. R. Arabnia (Eds.), Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017 (pp. 61-67). Article 8560762 (Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CSCI.2017.338

Aldossary, Sultan ; Allen, William ; Zhang, Shengzhi. / A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense. Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017. editor / Fernando G. Tinetti ; Quoc-Nam Tran ; Leonidas Deligiannidis ; Mary Qu Yang ; Mary Qu Yang ; Hamid R. Arabnia. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 61-67 (Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017).

@inproceedings{e66eba393cb54b9c95a9817dd92c9517,

title = "A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense",

abstract = "The address space randomization technique was proposed to make determining the address of a shared library more difficult since each instance of the program is loaded into a random base address. However, when address space randomization layout (ASLR) is implemented on a 32-bit system, an attacker can use a brute force attack to guess the address of the shared library. The main goal of the research described in this paper is to study the use of a dispatching algorithm and multiple back-end servers as a moving target defense technique to mitigate ASLR weaknesses. First, we present a brute force attack when the number of servers is known. Second, we present a brute force attack when the number of servers is unknown. Last, we present the probability of the attacker's success on both of the attacks.",

keywords = "Buffer overflow attack",

author = "Sultan Aldossary and William Allen and Shengzhi Zhang",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017 ; Conference date: 14-12-2017 Through 16-12-2017",

year = "2018",

month = dec,

day = "4",

doi = "10.1109/CSCI.2017.338",

language = "English",

series = "Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "61--67",

editor = "Tinetti, \{Fernando G.\} and Quoc-Nam Tran and Leonidas Deligiannidis and Yang, \{Mary Qu\} and Yang, \{Mary Qu\} and Arabnia, \{Hamid R.\}",

booktitle = "Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017",

address = "United States",

}

Aldossary, S, Allen, W & Zhang, S 2018, A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense. in FG Tinetti, Q-N Tran, L Deligiannidis, MQ Yang, MQ Yang & HR Arabnia (eds), Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017., 8560762, Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017, Institute of Electrical and Electronics Engineers Inc., pp. 61-67, 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017, Las Vegas, United States, 14/12/17. https://doi.org/10.1109/CSCI.2017.338

A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense. / Aldossary, Sultan; Allen, William; Zhang, Shengzhi.
Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017. ed. / Fernando G. Tinetti; Quoc-Nam Tran; Leonidas Deligiannidis; Mary Qu Yang; Mary Qu Yang; Hamid R. Arabnia. Institute of Electrical and Electronics Engineers Inc., 2018. p. 61-67 8560762 (Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense

AU - Aldossary, Sultan

AU - Allen, William

AU - Zhang, Shengzhi

PY - 2018/12/4

Y1 - 2018/12/4

N2 - The address space randomization technique was proposed to make determining the address of a shared library more difficult since each instance of the program is loaded into a random base address. However, when address space randomization layout (ASLR) is implemented on a 32-bit system, an attacker can use a brute force attack to guess the address of the shared library. The main goal of the research described in this paper is to study the use of a dispatching algorithm and multiple back-end servers as a moving target defense technique to mitigate ASLR weaknesses. First, we present a brute force attack when the number of servers is known. Second, we present a brute force attack when the number of servers is unknown. Last, we present the probability of the attacker's success on both of the attacks.

AB - The address space randomization technique was proposed to make determining the address of a shared library more difficult since each instance of the program is loaded into a random base address. However, when address space randomization layout (ASLR) is implemented on a 32-bit system, an attacker can use a brute force attack to guess the address of the shared library. The main goal of the research described in this paper is to study the use of a dispatching algorithm and multiple back-end servers as a moving target defense technique to mitigate ASLR weaknesses. First, we present a brute force attack when the number of servers is known. Second, we present a brute force attack when the number of servers is unknown. Last, we present the probability of the attacker's success on both of the attacks.

KW - Buffer overflow attack

UR - http://www.scopus.com/inward/record.url?scp=85060633255&partnerID=8YFLogxK

U2 - 10.1109/CSCI.2017.338

DO - 10.1109/CSCI.2017.338

M3 - Conference contribution

AN - SCOPUS:85060633255

T3 - Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017

SP - 61

EP - 67

BT - Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017

A2 - Tinetti, Fernando G.

A2 - Tran, Quoc-Nam

A2 - Deligiannidis, Leonidas

A2 - Yang, Mary Qu

A2 - Arabnia, Hamid R.

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017

Y2 - 14 December 2017 through 16 December 2017

ER -

Aldossary S, Allen W, Zhang S. A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense. In Tinetti FG, Tran QN, Deligiannidis L, Yang MQ, Yang MQ, Arabnia HR, editors, Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017. Institute of Electrical and Electronics Engineers Inc. 2018. p. 61-67. 8560762. (Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017). doi: 10.1109/CSCI.2017.338

A Mathematical Model of Mitigating Memory Randomization Weakness via Moving Target Defense

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this