A Systematic Approach to Automated Software Diversity Using Unison

Abstract: Unison is a tool that combines instruction scheduling and register allocation as a single combinatorial problem and solves it using constraint programming, which is a programming paradigm for systematically solving combinatorial problems. Automated software diversity is the process of automatically providing diverse executables in an effort to break so called gadgets, which are short instruction sequences that together make up an attack vector. Attacks that utilize gadgets rely heavily on the arrangement of the code in the executable. By providing a population of executables with equivalent functionality but different arrangements an adversary must construct a unique payload for each executable. The idea is to mount a proactive defense against adversaries and limit the reusability of each constructed payload. The results when using Unison to systematically generate diverse executables show that the number of possible pairwise distinct executables is often larger than 1000000, even for small functions (less than ten instructions). Using Unison to force the executables to differ in a particular way is simple to implement, only a handful lines of code. One strategy evaluated in the experiment resulted in that the most frequent gadget only appeared in 24% of versions, and 82% of the gadgets only appeared in one program version each. However, future work is required before anything consumer oriented can be evaluated, in part because Unison does not support the x86 architecture.