dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting

11/04/2020
by Alexios Voulimeneas, et al.

Multi-variant execution (MVX) systems amplify the effectiveness of software diversity techniques. The key idea is to run multiple diversified program variants in lockstep while providing them with the same input and monitoring their run-time behavior for divergences. Thus, adversaries have to compromise all program variants simultaneously to mount an attack successfully. Recent work proposed distributed, heterogeneous MVX systems that leverage different ABIs and ISAs to increase the diversity between program variants further. However, existing distributed MVX system designs suffer from high performance overhead due to time-consuming network transactions for the MVX system's operations. This paper presents dMVX, a novel hybrid distributed MVX design, which incorporates new techniques that significantly reduce the overhead of MVX systems in a distributed setting. Our key insight is that we can intelligently reduce the MVX operations that use expensive network transfers. First, we can limit the monitoring of system calls that are not security-critical. Second, we observe that, in many circumstances, we can also safely cache or avoid replication operations needed for I/O related system calls. Our evaluation shows that dMVX reduces the performance degradation from over 50 realistic server benchmarks.
