Abstract : Offensive and defensive players in the cyber security sphere constantly react to either party’s actions. This reactive approach works well for attackers but can be devastating for defenders. This approach also models the software security patching lifecycle. Patches fix security flaws, but when deployed, can be used to develop malicious exploits.To make exploit generation using patches more resource intensive, we propose inserting deception into software security patches. These ghost patches mislead attackers with deception and fix legitimate flaws in code. An adversary using ghost patches to develop exploits will be forced to use additional resources. We implement a proof of concept for ghost patches and evaluate their impact on program analysis and runtime. We find that these patches have a statistically significant impact on dynamic analysis runtime, increasing time to analyze by a factor of up to 14x, but do not have a statistically significant impact on program runtime.
Type de document :
Communication dans un congrès
Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.399-412, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_27〉
https://hal.inria.fr/hal-01648988
Contributeur : Hal Ifip
<>
Soumis le : lundi 27 novembre 2017 - 10:30:57
Dernière modification le : lundi 27 novembre 2017 - 10:34:21
Jeffrey Avery, Eugene Spafford. Ghost Patches: Fake Patches for Fake Vulnerabilities. Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.399-412, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_27〉. 〈hal-01648988〉
