Random Code Variation Compilation Automated software diversity’s performance penalties
Examensarbete för masterexamen
Computer science – algorithms, languages and logic (MPALG), MSc
Andersson, Christoffer Hao
This thesis investigates automated software diversity applied post linking, as a protection method for legitimate applications. A mutation tool was built that can apply different mutation schemes directly on application binaries. Mutation schemes similar to methods used to hide malicious code were implemented. The schemes were applied to a legitimate application. Three properties were then analyzed for each mutation scheme: correctness, uniqueness and performance. Correctness means proper functionality for the mutated code. Uniqueness is how hard it is to recognize the mutated code, knowing the original. Performance is how the mutation affected the application performance-wise. The result showed that the choice of mutation schemes and their parameters greatly affected the uniqueness and performance. It was found that schemes could be grouped into different scheme types, sharing properties in how they work. Finally, it seems like it would be better to apply mutation on a higher level for both performance and uniqueness, either if machine code could be lifted to a higher-level language or if the mutation were integrated directly in the compiler and linker.
Data- och informationsvetenskap , Computer and Information Science