An Architecture A Day Keeps The Hacker Away

David A. Holland, Ada T. Lim, and Margo I. Seltzer

2004 Workshop on Architectural Support for Security and Anti-Virus, Boston, MA

Abstract

System security as it is practiced today is a losing battle. In this paper, we outline a possible comprehensive solution for binary-based attacks, using virtual machines, machine descriptions, and randomization to achieve broad heterogeneity at the machine level. This heterogeneity increases the ``cost'' of broad-based binary attacks to a sufficiently high level that they cease to become feasible. The convergence of several recent technologies appears to make our approach achievable at a reasonable cost, with only moderate run-time overhead.