JavaScript is disabled for your browser. Some features of this site may not work without it.
Proactive Obfuscation

Author
Roeder, Tom; Schneider, Fred B.
Abstract
Proactive obfuscation is a new method for creating server
replicas that are likely to have fewer shared vulnerabilities. It
uses semantics-preserving code transformations to generate diverse
executables, periodically restarting servers with these fresh
versions. The periodic restarts help bound the number of compromised
replicas that a service ever concurrently runs, and therefore
proactive obfuscation makes an adversary's job harder. Proactive
obfuscation was used in implementing two prototypes: a distributed
firewall based on state-machine replication and a distributed storage
service based on quorum systems. Costs intrinsic to supporting
proactive obfuscation were quantified by measuring the performance of
these prototypes.
Sponsorship
Supported in part by AFOSR grant
F9550-06-0019, National Science Foundation Grants 0430161 and
CCF-0424422 (TRUST), and Microsoft Corporation.
Date Issued
2009-03-28Subject
fault tolerance; security; reliability; distributed systems
Type
article