VARAN the Unbelievable: An Efficient N-version Execution Framework

Published: 14 March 2015

Abstract

With the widespread availability of multi-core processors, running multiple diversified variants or several different versions of an application in parallel is becoming a viable approach for increasing the reliability and security of software systems. The key component of such N-version execution (NVX) systems is a runtime monitor that enables the execution of multiple versions in parallel. Unfortunately, existing monitors either impose a large performance overhead or rely on intrusive kernel-level changes. Moreover, none of the existing solutions scales well with the number of versions, since the runtime monitor acts as a performance bottleneck.

In this paper, we introduce Varan, an NVX framework that combines selective binary rewriting with a novel event-streaming architecture to significantly reduce performance overhead and scale well with the number of versions, without relying on intrusive kernel modifications.

Our evaluation shows that Varan can run NVX systems based on popular C10k network servers with only a modest performance overhead, and can be effectively used to increase software reliability using techniques such as transparent failover, live sanitization and multi-revision execution.
