In English

Random Code Variation Compilation Automated software diversity’s performance penalties

Christoffer Hao Andersson
Göteborg : Chalmers tekniska högskola, 2018. 68 s.
[Examensarbete på avancerad nivå]

This thesis investigates automated software diversity applied post linking, as a protection method for legitimate applications. A mutation tool was built that can apply different mutation schemes directly on application binaries. Mutation schemes similar to methods used to hide malicious code were implemented. The schemes were applied to a legitimate application. Three properties were then analyzed for each mutation scheme: correctness, uniqueness and performance. Correctness means proper functionality for the mutated code. Uniqueness is how hard it is to recognize the mutated code, knowing the original. Performance is how the mutation affected the application performance-wise. The result showed that the choice of mutation schemes and their parameters greatly affected the uniqueness and performance. It was found that schemes could be grouped into different scheme types, sharing properties in how they work. Finally, it seems like it would be better to apply mutation on a higher level for both performance and uniqueness, either if machine code could be lifted to a higher-level language or if the mutation were integrated directly in the compiler and linker.

Nyckelord: Automated Software Diversity, Mutation, Compiling, Security, Performance, Metamorphic, Injection, Malicious Code, Virus, Cheat

Publikationen registrerades 2018-12-14. Den ändrades senast 2018-12-14

CPL ID: 256397

Detta är en tjänst från Chalmers bibliotek