Moving target defense for legacy software systems
A radical defense solution that protects legacy systems from Return Oriented Programming (ROP) cyberattacks
Today’s cybersecurity playing field is fundamentally asymmetric. Attackers are easily able to identify weaknesses in a target system once they have access to its code and configuration. As a result, defenders are perpetually playing a game of catch-up to secure their systems post-attack. ROP attacks are particularly insidious in that they harness software components, known as ‘gadgets’, within the system to carry out their actions. Once devised, such attacks are easy to accomplish because target systems are essentially static.
Perspecta Labs’ ROP Protector is a radical defense solution that protects legacy systems from ROP cyberattacks. Considered a moving target solution for cyber defense, ROP Protector ensures that the target system itself is dynamic, preventing attacks that aim to leverage static gadgets within the system. ROP Protector creates a morphed version of the target system that has exactly the same set of capabilities as the original, yet does not have the gadgets that the attack depends on.
ROP Protector is particularly valuable in the case of legacy systems for which source code is unavailable, since it is a pure binary-to-binary code scrambling solution. Studies have shown that neither the capabilities nor the performance of well-known applications (e.g., the Apache web server) are impacted after being scrambled by ROP Protector. Thus, ROP Protector is an efficient and practical capability for the ROP defense needs of legacy systems.
ROP Protector value and benefits:
Vulnerable system is protected against ROP attacks without new development effort
Protection is achieved without exposing underlying Intellectual Property in source code
System performance is not impacted
Protection is built into the target system; no new components are added
Defends by preventing the attack instead of acting in response to it
Operation is transparent to end users