Proactive Obfuscation

Tom Roeder and Fred B. Schneider

Abstract

Proactive obfuscation is a new method for creating server replicas that are likely to have fewer shared vulnerabilities. It uses semantics-preserving code transformations to generate diverse executables, periodically restarting servers with these fresh versions. The periodic restarts help bound the number of compromised replicas that a service ever concurrently runs, and therefore proactive obfuscation makes an adversary’s job harder. Proactive obfuscation was used in implementing two prototypes: a distributed firewall based on state-machine replication and a distributed storage service based on quorum systems. Costs intrinsic to supporting proactive obfuscation in replicated systems were evaluated by measuring the performance of these prototypes. The results show that employing proactive obfuscation adds little to the cost of replica-management protocols.

Details

Publication type: Article
Published in: ACM Transactions on Computer Systems
URL: http://dx.doi.org/10.1145/1813654.1813655
Pages: 4:1-4:54
Volume: 28
Number: 2
Publisher: ACM