
Creating diverse code involves practical, code-level manipulation techniques such as obfuscation, insertion, and randomisation of code, data, or binary files to generate different versions of software with the same functionality. Some techniques apply at the source, compilation, or linking stage, usually before the software is distributed, whilst others apply after distribution, during installation, loading, or execution [178]. Research has shown that diversifying software is possible using these techniques, and larger-scale experiments carried out more recently show that diversity is a viable method for wide-scale use [179],[180]. Code-level diversification is particularly effective against a few key classes of attack: information leaks, memory corruption such as buffer overflows, and code injection and code reuse, most of which can be used to propagate malware [181] [182] [178]. The vulnerabilities that enable these attacks are discussed in section 3.3.4.

3.4.2.1 Source Code Transformations

Generating different source code implementations has been widely researched within the field of fault tolerance, where the idea originated from N-version programming, and has often been a manual task [178]. Techniques for generating source code variants automatically are more recent. Source code transformation creates a diverse set of program variants by applying different transformations to a baseline source program. Some transformations are purely random while others are guided by program analysis [179], but all are based on removing, adding, or replacing statements in the source code [180]. The technique has been demonstrated by applying diversity transformations to the server side of a client-server system [179]: a server typically spawns multiple cloned copies of its software stack, called request handlers, to deal with incoming requests, and instead of identical clones these copies can each be a different variant, providing diversification so that an exploit tuned to one variant need not work against the others.

3.4.2.2 Compiler Transformations

Compilers are used to translate high level source code into low-level machine code automatically. Some diversity techniques take advantage of this process already in place by extending existing compilers to automatically diversify machine code.

The NOP insertion technique [33] [34] works by randomly inserting non-aligning no-operation (NOP) instructions at compile time, giving a large number of program variants. A NOP is an instruction that the processor fetches and executes without any effect on the processor's registers (other than advancing the program counter) or on memory. Because every inserted NOP shifts the addresses of the instructions that follow it, the code layout, and hence the location of any reusable instruction sequence, differs from variant to variant. Although adding NOP instructions increases diversity, it also adds instructions to execute and can degrade the performance of the generated binary.

Another proposed method utilises the compiler's optimisation passes. A compiler usually tries to find the best binary implementation, giving optimum performance, out of numerous possibilities. Instead of always choosing the best solution, the alternative compiler solutions could also be used to generate alternative unique

3.4.2.3 Address Space Randomisation

Address space randomisation randomises the locations of data and code objects in memory [184]. Address space layout randomisation (ASLR) is one of the best known diversity techniques; it randomises the layout of the memory sections of an executing program. The compiler emits position-independent code so that it can be loaded at any base address, and the operating system then chooses the virtual addresses at which the code, stack, heap, and libraries are mapped [178]. The idea is to provide some protection from memory vulnerabilities, such as the buffer overflows used for code injection (§3.3.4), without having to remove them from the system. Since the randomisation differs on each machine (and typically on each execution), an exploit that depends on a specific absolute memory address, for example the address of injected shellcode or of a library function, will generally fail. ASLR is in widespread use within operating systems such as Google Android, Linux, Microsoft Windows, and iOS [185] [186].

3.4.2.4 Data Space Randomisation

Data space randomisation (DSR) [187] randomises the representation of data objects in memory. It can be implemented in a variety of ways [185]. One way is to encrypt each data object by XORing it with a mask that is unique to that object, and to decrypt it (XOR again with the same mask) immediately before the value is used. A memory-corruption exploit, for example the buffer overflow used in a code injection attack (§3.3.4), writes raw bytes into memory without knowing the mask; when the program later decrypts the corrupted object the attacker's bytes are XORed with the unknown mask, so the attacker controls only an effectively random value rather than the intended one [187]. Because XOR is trivially invertible, the protection depends on the masks staying secret, which is why information leaks are a concern for this technique.
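As an added illustration of the XOR-masking variant described above (example code written for this page, not code from [187] or from any DSR implementation), the following C program keeps a session's uid field masked in memory and runs the same unchecked copy against a session with no mask and with a mask. The struct, its field names and the mask value are assumptions made for the example; real DSR chooses a random mask per object at compile or load time and inserts the mask and unmask operations automatically.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only: a session record whose uid field is kept masked in
 * memory (DSR style). The mask would normally be a random per-object
 * value chosen by the compiler's instrumentation; here it is passed in
 * explicitly so the effect can be compared with mask == 0 (no DSR). */
struct session {
    char     name[8];      /* attacker-controlled input lands here */
    uint32_t uid_masked;   /* stored as uid ^ mask; uid 0 means root */
};

static void session_init(struct session *s, uint32_t uid, uint32_t mask)
{
    memset(s, 0, sizeof *s);
    s->uid_masked = uid ^ mask;        /* encrypt on store */
}

static uint32_t session_uid(const struct session *s, uint32_t mask)
{
    return s->uid_masked ^ mask;       /* decrypt on load */
}

/* Deliberately vulnerable: copies len bytes into name without checking
 * len against sizeof name, so input longer than 8 bytes runs into
 * uid_masked. Writing through the struct's byte view keeps the demo
 * inside the object's bounds (len must not exceed sizeof *s). */
static void vulnerable_set_name(struct session *s, const uint8_t *in, size_t len)
{
    memcpy((unsigned char *)s + offsetof(struct session, name), in, len);
}

/* Run the overflow against a session created with the given mask and
 * return the uid the program subsequently observes. */
uint32_t observed_uid_after_overflow(uint32_t mask)
{
    struct session s;
    session_init(&s, 1000, mask);      /* an ordinary user */

    /* Constructed payload: 8 filler bytes, then 4 zero bytes intended to
     * set uid to 0 (root). The attacker writes raw bytes and does not
     * know the mask. */
    const uint8_t payload[12] = {
        'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
        0x00, 0x00, 0x00, 0x00
    };
    vulnerable_set_name(&s, payload, sizeof payload);
    return session_uid(&s, mask);
}

int main(void)
{
    printf("no DSR : uid = %u\n", (unsigned)observed_uid_after_overflow(0));
    printf("DSR    : uid = %u\n", (unsigned)observed_uid_after_overflow(0x5AC3F00Du));
    return 0;
}
```

Without a mask the overflow yields uid 0 and the attacker is root; with a mask the program decrypts the attacker's zero bytes into the mask value itself, a non-zero uid that grants nothing. The same logic applies to an overwritten pointer or return address, which becomes a random address and crashes the process instead of redirecting it.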

3.4.2.5 Instruction Set Randomisation

Instruction set randomisation (ISR) creates a unique, randomly chosen synthetic instruction set for each computer or process, for example by encoding Intel x86 machine code under a secret key [188] [189] [190] [191]. Translating from the synthetic instruction set back to the native instruction set of the target computer requires an interpreter or just-in-time compiler that knows the key. Injected code is written in the native instruction set, not in the secret synthetic one, so when the system decodes it the result is a meaningless instruction sequence that typically faults rather than executing the attacker's payload; code injection attacks therefore fail to penetrate the system.

3.4.2.6 Executable Code Randomisation

Randomisation techniques such as ASLR and ISR provide only a limited amount of entropy, particularly on 32-bit architectures, and can potentially be defeated by brute force [168] [192]: the attacker simply keeps trying different guesses of the randomised value until one succeeds. Executable code randomisation instead breaks executable code into many functional blocks that are shuffled in memory just before execution [181]. The number of unique permutations is higher than with ASLR because it grows with the factorial of the number of blocks (5 blocks already give 5! = 120 orderings), which makes a brute force attack difficult.
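The following C program is an added example written for this page, not code from the ISR papers cited in §3.4.2.5. It models ISR with a tiny stack machine whose code bytes are XOR-encoded under a per-process key and decoded at fetch time: a legitimately loaded program runs unchanged, while an injected payload written in the native encoding decodes to an illegal instruction and faults. It then carries out the brute-force attack described above against this deliberately short 8-bit key, recovering it in at most 256 attempts. The opcode set, the VM and the payload are constructed assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative only: a tiny stack machine whose code is stored XOR-encoded
 * with a per-process key (ISR style). Opcode values are assumptions. */
enum { OP_PUSH = 0x01, OP_ADD = 0x02, OP_RET = 0x03, OP_SPAWN = 0x04 };

#define VM_FAULT   (-1)   /* illegal opcode: the process would be killed */
#define VM_SPAWNED (-2)   /* the "dangerous" operation actually ran */

/* Encode a program for a given key, as the loader would at load time. */
static void isr_encode(const uint8_t *in, uint8_t *out, size_t n, uint8_t key)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key;
}

/* Execute encoded code under key. Returns the value left by RET,
 * VM_SPAWNED if OP_SPAWN executes, or VM_FAULT on an illegal opcode. */
int vm_run(const uint8_t *code, size_t n, uint8_t key)
{
    int stack[16];
    int sp = 0;
    size_t pc = 0;
    while (pc < n) {
        uint8_t op = code[pc++] ^ key;            /* decode at fetch time */
        switch (op) {
        case OP_PUSH:
            if (pc >= n || sp >= 16) return VM_FAULT;
            stack[sp++] = (int)(code[pc++] ^ key); /* immediate is encoded too */
            break;
        case OP_ADD:
            if (sp < 2) return VM_FAULT;
            sp--;
            stack[sp - 1] += stack[sp];
            break;
        case OP_RET:
            return sp > 0 ? stack[sp - 1] : VM_FAULT;
        case OP_SPAWN:
            return VM_SPAWNED;
        default:
            return VM_FAULT;                       /* not a valid instruction */
        }
    }
    return VM_FAULT;                               /* ran off the end of the code */
}

/* Legitimate program: PUSH 2, PUSH 3, ADD, RET -> 5. */
static const uint8_t legit_native[] = { OP_PUSH, 2, OP_PUSH, 3, OP_ADD, OP_RET };

/* Constructed "shellcode": SPAWN then RET, in the native encoding because
 * the attacker does not know the key. */
static const uint8_t injected_native[] = { OP_SPAWN, OP_RET };

/* Load the legitimate program under key (encode) and run it. */
int run_legit(uint8_t key)
{
    uint8_t enc[sizeof legit_native];
    isr_encode(legit_native, enc, sizeof enc, key);
    return vm_run(enc, sizeof enc, key);
}

/* Model a code-injection bug: the attacker's bytes land unencoded in the
 * code region and are executed under the process key. */
int run_injected(uint8_t key)
{
    return vm_run(injected_native, sizeof injected_native, key);
}

/* Brute force as in §3.4.2.6: encode the payload with each candidate key,
 * run it under the real key, and stop when the payload executes. Returns
 * the recovered key, or -1 if no guess worked. */
int brute_force_key(uint8_t real_key)
{
    for (int guess = 0; guess < 256; guess++) {
        uint8_t enc[sizeof injected_native];
        isr_encode(injected_native, enc, sizeof enc, (uint8_t)guess);
        if (vm_run(enc, sizeof enc, real_key) == VM_SPAWNED)
            return guess;
    }
    return -1;
}

int main(void)
{
    printf("legit under key 0x5A      : %d\n", run_legit(0x5A));
    printf("injected, no ISR          : %d\n", run_injected(0x00));
    printf("injected under key 0x5A   : %d\n", run_injected(0x5A));
    printf("brute-forced key          : 0x%02X\n", brute_force_key(0x5A));
    return 0;
}
```

The faulting behaviour is what makes ISR useful in practice: the attacker learns only that the process crashed. The brute-force loop shows why that is not enough when the key space is small and each attempt is cheap; a real deployment needs a key wide enough that the expected number of crashes before success is unacceptably large, and ideally re-randomises after a crash.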

Another technique, in-place code randomisation [193], randomises the code sections of binary executables directly. The code is first extracted from the executable using a disassembler, and transformations are then applied to small sections of it: substitution of instructions with functionally equivalent alternatives, reordering of instructions within a basic block, and reordering of the register preservation code in function prologues and epilogues. Because the transformations preserve the size and position of the code they touch (hence "in-place"), the binary needs no relocation information and can be randomised without access to its source code.
