We propose to apply viral metamorphic transformation techniques to increase code diversification in homogenous virtualized environments. The idea of metamorphic transformation is borrowed from the computer virus world. By applying semantics preserving transformations to its own code, a metamorphic virus aims to create different versions of itself that escape detection by anti-viral software. Ironically, the metamorphic virus shares many of the characteristics that we have identified as desirable for increasing the diversification and resilience of legitimate software against automated attack. Like the virus, we want to reduce the number of identifiable patterns in the system. This is so that we can prevent an attackerÂ’s exploit code from using hardcoded offsets or patterns to locate, call, or subvert critical Operating System functions. Also like the virus, we seek to increase the difficulty of program analysis. By applying metamorphic transformations to system code, we can increase the burden on the attacker by requiring advanced capabilities like disassemblers that are impractical or unlikely to fit within most exploit payloads. Finally, because metamorphic transformations can be applied to binary code without affecting its underlying functionality, we anticipate being able to achieve maximum transparancy and interoperability with other, higher level diversification approaches.
Benefit: A platform for automated diversification will be valuable to the government, especially in the defense sector to improve the resiliency and survivability among homogenous virtualized systems. Defense applications are likely to include peripheral network nodes in command and control centers and high performance computing centers that are exposed to unpredictable hostile threats over the internet. These systems will benefit from technologies designed to reduce susceptibility to automated attacks including viruses, trojans, worms, and botnets. These technologies will also be valuable in the commercial sector. By reducing susceptibility to attacks our solution will help minimize system downtime and translate to increased efficiency and reduced cost for businesses.
Keywords: Software Diversity, Hypervisor, Metamorphism, Binary Transformation
