DMON: A Distributed Heterogeneous N-Variant System

03/08/2019
by   Alexios Voulimeneas, et al.
0

N-Variant Execution (NVX) systems utilize software diversity techniques for enhancing software security. The general idea is to run multiple different variants of the same program alongside each other while monitoring their run-time behavior. If the internal disparity between the running variants causes observable differences in response to malicious inputs, the monitor can detect such divergences in execution and then raise an alert and/or terminate execution. Existing NVX systems execute multiple, artificially diversified program variants on a single host. This paper presents a novel, distributed NVX design that executes program variants across multiple heterogeneous host computers; our prototype implementation combines an x86-64 host with an ARMv8 host. Our approach greatly increases the level of "internal different-ness" between the simultaneously running variants that can be supported, encompassing different instruction sets, endianness, calling conventions, system call interfaces, and potentially also differences in hardware security features. A major challenge to building such a heterogeneous distributed NVX system is performance. We present solutions to some of the main performance challenges. We evaluate our prototype system implementing these ideas to show that it can provide reasonable performance on a wide range of realistic workloads.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
11/04/2020

dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting

Multi-variant execution (MVX) systems amplify the effectiveness of softw...
research
03/16/2020

Software-Based Monitoring and Analysis of a USB Host Controller Subject to Electrostatic Discharge

Observing, understanding, and mitigating the effects of failure in embed...
research
05/30/2022

Anti-virus Autobots: Predicting More Infectious Virus Variants for Pandemic Prevention through Deep Learning

More infectious virus variants can arise from rapid mutations in their p...
research
04/29/2019

Algorithm Diversity for Resilient Systems

Diversity can significantly increase the resilience of systems, by reduc...
research
11/22/2017

PartiSan: Fast and Flexible Sanitization via Run-time Partitioning

Code sanitizers are used to automatically detect security vulnerabilitie...
research
12/01/2021

Software Variants for Hardware Trojan Detection and Resilience in COTS Processors

The commercial off-the-shelf (COTS) component based ecosystem provides a...
research
07/21/2022

Towards Specificationless Monitoring of Provenance-Emitting Systems

Monitoring often requires insight into the monitored system as well as c...

Please sign up or login with your details

Forgot password? Click here to reset