HeterSec - Software diversification using ISA heterogeneity

Software diversification is one of the most effective ways to defeat memory corruption-based exploits. Traditional software diversification mutates program memory layout and makes it difficult for attackers to pinpoint the precise location of a targeted vulnerability. Recent work illustrates the promise of improving software security using instruction-set-architecture (ISA) diversification.

Overview of HeterSec

HeterSec is a software framework that enables application software diversification using ISA heterogeneity, utilizing off-the-shelf commodity machines of different ISAs (e.g., x86-64, AArch64). Leveraging the Popcorn Linux infrastructure, HeterSec hides the complex differences between ISAs including that between instructions, memory layout, registers, and ABIs, among others, and makes it easier to build and launch ISA-diversified application instances. To demonstrate HeterSec's objectives, the project has developed prototypes of two techniques that use ISA heterogeneity for software diversification as proofs-of-concept: multi-ISA-based moving target defense (MTD) and multi-ISA-based multi-version execution (MVX).

You can find more information about HeterSec in the following papers:

• A Framework for Software Diversification with ISA Heterogeneity, X. Wang, S. Yeoh, R. Lyerly, P. Olivier, S-H. Kim, and B. Ravindran, 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), Donostia / San Sebastian, Spain, October 14-16, 2020
• Secure and Efficient In-process Monitor (and Library) Protection with Intel MPK, X. Wang, S. Yeoh, P. Olivier, and B. Ravindran, 13th European Workshop on Systems Security (EuroSec 2020), Co-located with EuroSys 2020, April 27, 2020, Heraklion, Crete, Greece