Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday January 03 2017, @08:01AM   Printer-friendly
from the how-do-you-debug-it? dept.

As long as humans are writing software, there will be coding mistakes for malicious hackers to exploit. A single bug can open the door to attackers deleting files, copying credit card numbers or carrying out political mischief.

A new program called Shuffler [pdf] tries to preempt such attacks by allowing programs to continuously scramble their code as they run, effectively closing the window of opportunity for an attack. The technique is described in a study [pdf] presented this month at the USENIX Symposium on Operating Systems and Design (OSDI) in Savannah, Ga.

“Shuffler makes it nearly impossible to turn a bug into a functioning attack, defending software developers from their mistakes,” said the study’s lead author, David Williams-King, a graduate student at Columbia Engineering. “Attackers are unable to figure out the program’s layout if the code keeps changing.”

[...] Designed to be user-friendly, Shuffler runs alongside the code it defends, without modifications to program compilers or the computer's operating system. It even randomizes itself to defend against possible bugs in its own code.

The researchers say Shuffler runs faster and requires fewer system changes than similar continuous-randomization software such TASR [pdf] and Remix [pdf], developed at MIT Lincoln Labs and Florida State University respectively.

[...] On computation-heavy workloads, Shuffler slows programs by 15 percent on average, but at larger scales -- a webserver running on 12 CPU cores, for example -- the drop in performance is negligible, the researchers say

[Security through obscurity? --Bytram]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Troll) by Anonymous Coward on Tuesday January 03 2017, @03:17PM

    by Anonymous Coward on Tuesday January 03 2017, @03:17PM (#448928)

     

    Starting Score:    0  points
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  

    Total Score:   -1