Search Based Clustering for Protecting Software with Diversified Updates
Ceccato, Mariano, Falcarin, P., Cabutto, Alessandro, Frezghi, Yosief Weldezghi and Staicu, Cristian-Alexandru 2016. Search Based Clustering for Protecting Software with Diversified Updates. in: Sarro, Federica and Deb, Kalyanmoy (ed.) Search Based Software Engineering Springer.
|Authors||Ceccato, Mariano, Falcarin, P., Cabutto, Alessandro, Frezghi, Yosief Weldezghi and Staicu, Cristian-Alexandru|
|Editors||Sarro, Federica and Deb, Kalyanmoy|
Reverse engineering is usually the stepping stone of a variety of at-tacks aiming at identifying sensitive information (keys, credentials, data, algo-rithms) or vulnerabilities and ﬂaws for broader exploitation. Software applica-tions are usually deployed as identical binary code installed on millions of com-puters, enabling an adversary to develop a generic reverse-engineering strategy that, if working on one code instance, could be applied to crack all the other in-stances. A solution to mitigate this problem is represented by Software Diversity, which aims at creating several structurally different (but functionally equivalent) binary code versions out of the same source code, so that even if a successful attack can be elaborated for one version, it should not work on a diversiﬁed ver-sion. In this paper, we address the problem of maximizing software diversity from a search-based optimization point of view. The program to protect is subject to a catalogue of transformations to generate many candidate versions. The problem of selecting the subset of most diversiﬁed versions to be deployed is formulated as an optimisation problem, that we tackle with different search heuristics. We show the applicability of this approach on some popular Android apps.
|Book title||Search Based Software Engineering|
|24 Sep 2016|
|Publication process dates|
|Deposited||06 Oct 2016|
|Series||Lecture Notes in Computer Science|
|Event||8th International Symposium, SSBSE 2016|
|Web address (URL)||http://dx.doi.org/10.1007/978-3-319-47106-8_11|
The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-47106-8_11
|Accepted author manuscript|
2views this month
4downloads this month