Constraint-based Diversification of JOP Gadgets

Modern software deployment process produces that is uniform and hence vulnerable to large-scale code-reuse attacks, such as Jump-Oriented Programming (JOP) attacks. Compiler-based diversification improves the resilience of systems by automatically generating different assembly code versions a given program. Existing techniques are efficient but do not have precise control over quality generated variants. This paper introduces Diversity Construction (DivCon), constraint-based approach diversification. Unlike previous approaches, DivCon allows users adjust conflicting goals diversity quality. A key enabler use Large Neighborhood Search (LNS) generate highly diverse efficiently. For larger problems, we propose combination LNS with structural decomposition problem. To further improve efficiency against JOP an application-specific distance measure tailored characteristics We evaluate 20 functions from popular benchmark suite for embedded systems. These experiments show our generates binary programs resilient Our results confirm there trade-off between each version entire pool versions. In particular, near-optimal share small number gadgets. constraint programming researchers practitioners, this demonstrates valuable technique finding solutions. security engineers, extends scope compiler-based performance-critical resource-constrained applications.