# Reasoning about Probabilistic Defense Mechanisms against Remote Attacks

**Authors:** Mart\'in Ochoa, Sebastian Banescu, Cynthia Disenfeld, Gilles Barthe,, Vijay Ganesh

arXiv: 1701.06743 · 2017-02-20

## TL;DR

This paper introduces a methodology to quantify and compare the security effectiveness of probabilistic defense mechanisms against remote attacks exploiting memory-safety vulnerabilities, providing concrete security bounds.

## Contribution

It proposes a cryptographic-style probabilistic game framework to rigorously derive security guarantees for probabilistic countermeasures in software defenses.

## Key findings

- Security bounds can be rigorously derived for probabilistic defenses.
- The framework allows comparison of different countermeasures and their combinations.
- Practitioners can better assess attack risks using the proposed methodology.

## Abstract

Despite numerous countermeasures proposed by practitioners and researchers, remote control-flow alteration of programs with memory-safety vulnerabilities continues to be a realistic threat. Guaranteeing that complex software is completely free of memory-safety vulnerabilities is extremely expensive. Probabilistic countermeasures that depend on random secret keys are interesting, because they are an inexpensive way to raise the bar for attackers who aim to exploit memory-safety vulnerabilities. Moreover, some countermeasures even support legacy systems. However, it is unclear how to quantify and compare the effectiveness of different probabilistic countermeasures or combinations of such countermeasures. In this paper we propose a methodology to rigorously derive security bounds for probabilistic countermeasures. We argue that by representing security notions in this setting as events in probabilistic games, similarly as done with cryptographic security definitions, concrete and asymptotic guarantees can be obtained against realistic attackers. These guarantees shed light on the effectiveness of single countermeasures and their composition and allow practitioners to more precisely gauge the risk of an attack.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1701.06743/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1701.06743/full.md

## References

31 references — full list in the complete paper: https://tomesphere.com/paper/1701.06743/full.md

---
Source: https://tomesphere.com/paper/1701.06743