Thomas Hobson
Massachusetts Institute of Technology
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Thomas Hobson.
computer and communications security | 2015
David Bigelow; Thomas Hobson; Robert Rudd; William W. Streilein; Hamed Okhravi
Address Space Layout Randomization (ASLR) can increase the cost of exploiting memory corruption vulnerabilities. One major weakness of ASLR is that it assumes the secrecy of memory addresses and is thus ineffective in the face of memory disclosure vulnerabilities. Even fine-grained variants of ASLR are shown to be ineffective against memory disclosures. In this paper we present an approach that synchronizes randomization with potential runtime disclosure. By applying rerandomization to the memory layout of a process every time it generates an output, our approach renders disclosures stale by the time they can be used by attackers to hijack control flow. We have developed a fully functioning prototype for x86_64 C programs by extending the Linux kernel, GCC, and the libc dynamic linker. The prototype operates on C source code and recompiles programs with a set of augmented information required to track pointer locations and support runtime rerandomization. Using this augmented information we dynamically relocate code segments and update code pointer values during runtime. Our evaluation on the SPEC CPU2006 benchmark, along with other applications, show that our technique incurs a very low performance overhead (2.1% on average).
Proceedings of the First ACM Workshop on Moving Target Defense | 2014
Thomas Hobson; Hamed Okhravi; David Bigelow; Robert Rudd; William W. Streilein
Moving Target (MT) defenses have been proposed as a game-changing approach to rebalance the security landscape in favor of the defender. MT techniques make systems less deterministic, less static, and less homogeneous in order to increase the level of effort required to achieve a successful compromise. However, a number of challenges in achieving effective movement lead to weaknesses in MT techniques that can often be used by the attackers to bypass or otherwise nullify the impact of that movement. In this paper, we propose that these challenges can be grouped into three main types: coverage, unpredictability, and timeliness. We provide a description of these challenges and study how they impact prominent MT techniques. We also discuss a number of other considerations faced when designing and deploying MT defenses.
ieee symposium on security and privacy | 2014
Hamed Okhravi; Thomas Hobson; David Bigelow; William W. Streilein
network and distributed system security symposium | 2017
Robert Rudd; Richard Skowyra; David Bigelow; Veer Dedhia; Thomas Hobson; Stephen Crane; Christopher Liebchen; Per Larsen; Lucas Davi; Michael Franz; Ahmad-Reza Sadeghi; Hamed Okhravi
CSET'14 Proceedings of the 7th USENIX conference on Cyber Security Experimentation and Test | 2014
William Herlands; Thomas Hobson; Paula J. Donovan
dependable systems and networks | 2018
Richard Skowyra; Lei Xu; Guofei Gu; Veer Dedhia; Thomas Hobson; Hamed Okhravi; James W. Landry
Archive | 2016
Hamad Okhravi; Chad R. Meiners; William W. Streilein; Thomas Hobson
Archive | 2018
Thomas Hobson; William W. Streilein; Hamed Okhravi; Richard Skowyra; Kevin Bauer; Veer Dedhia; David Bigelow
Archive | 2018
Hamed Okhravi; Thomas Hobson; David Bigelow; Robert Rudd; William W. Streilein
Archive | 2016
Hamed Okhravi; Robert Rudd; David Bigelow; Richard Skowyra; Veer Dedhia; Thomas Hobson; Stephen Crane; Christopher Liebchen; Per Larsen; Lucas Davi; Michael Franz; Ahmad-Reza Sadeghi
Collaboration
Dive into the Thomas Hobson's collaboration.
