Abstract
With the widespread availability of multi-core processors, running multiple diversified variants or several different versions of an application in parallel is becoming a viable approach for increasing the reliability and security of software systems. The key component of such N-version execution (NVX) systems is a runtime monitor that enables the execution of multiple versions in parallel. Unfortunately, existing monitors impose either a large performance overhead or rely on intrusive kernel-level changes. Moreover, none of the existing solutions scales well with the number of versions, since the runtime monitor acts as a performance bottleneck.
In this paper, we introduce Varan, an NVX framework that combines selective binary rewriting with a novel event-streaming architecture to significantly reduce performance overhead and scale well with the number of versions, without relying on intrusive kernel modifications.
Our evaluation shows that Varan can run NVX systems based on popular C10k network servers with only a modest performance overhead, and can be effectively used to increase software reliability using techniques such as transparent failover, live sanitization and multi-revision execution.
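As an added illustration, not code from the Varan paper or project, the following Python model shows what an event-streaming NVX monitor has to do: one leader version executes system calls and publishes each (name, args, result) event, follower versions replay the stream and are dropped when they request a different syscall, and a crashed leader is replaced by a follower (transparent failover). The leader/follower organisation, the syscall names, the three versions and the kernel stand-in are all assumptions constructed for the demo.

```python
from collections import deque
from typing import Callable, Dict, Generator, List, Tuple
SyscallReq = Tuple[str, tuple]  # (syscall name, args) that a version asks the monitor to perform
def run_nvx(versions: Dict[str, Callable[[], Generator]], kernel: Callable[[SyscallReq], object]) -> Dict[str, str]:
    """Leader runs its syscalls through `kernel` and publishes (name, args, result) events; followers
    replay the stream and must request the same syscall at each position. A crashed leader fails over."""
    stream: deque = deque()                     # the event stream (a shared ring buffer in a real monitor)
    gens = {n: v() for n, v in versions.items()}
    pos = {n: 0 for n in gens}                  # stream position each version has consumed so far
    status: Dict[str, str] = {}
    pending: Dict[str, SyscallReq] = {}
    for n, g in gens.items():                   # run each version up to its first syscall
        try: pending[n] = next(g)
        except StopIteration: status[n] = "finished"
    live: List[str] = [n for n in gens if n not in status]
    leader = live[0] if live else None
    while live:
        progressed = False
        for n in list(live):
            req = pending[n]
            if pos[n] < len(stream):            # replay: the request must match the recorded event
                ev = stream[pos[n]]
                if (ev[0], ev[1]) != req:
                    status[n] = f"diverged at event {pos[n]}"; live.remove(n); continue
                result = ev[2]
            elif n == leader:                   # caught up and leading: execute for real
                result = kernel(req); stream.append((req[0], req[1], result))
            else:
                continue                        # follower waits for the leader to publish
            pos[n] += 1; progressed = True
            try: pending[n] = gens[n].send(result)
            except StopIteration: status[n] = "finished"; live.remove(n)
            except Exception as exc:            # the version crashed while handling this result
                status[n] = f"crashed: {exc}"; live.remove(n)
                if n == leader and live: leader = live[0]   # transparent failover to a follower
        if not progressed:                      # leader finished but a follower wants more syscalls
            for n in live: status[n] = "diverged: extra syscalls"
            break
    return status
def demo() -> Tuple[Dict[str, str], List[SyscallReq]]:
    log: List[SyscallReq] = []                  # syscalls that actually reached the (fake) kernel
    def kernel(req: SyscallReq):                # constructed stand-in for the OS: every read returns 10 bytes
        log.append(req); return "0123456789" if req[0] == "read" else 0
    def v1():                                   # old revision: constructed bug, dies on input longer than 4 bytes
        data = yield ("read", ("in.txt",)); assert len(data) <= 4, "overflow"; yield ("write", ("out.txt", data))
    def v2():                                   # new revision: truncates, so it survives and takes over
        data = yield ("read", ("in.txt",)); yield ("write", ("out.txt", data[:4]))
    def v3():                                   # variant with different behaviour: caught as a divergence
        data = yield ("read", ("in.txt",)); yield ("write", ("out.txt", data))
    return run_nvx({"v1": v1, "v2": v2, "v3": v3}, kernel), log
```

Running `demo()` shows that the kernel sees the read once and the write once even though v1 crashed in the middle, which is what makes the failover transparent to the outside world.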
VARAN the Unbelievable: An Efficient N-version Execution Framework
ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems