Distributed Heterogeneous N-Variant Execution

Conference paper (2020)

Authors

A. Voulimeneas External organisation

Dokyung Song

Fabian Parzefall

Yeoul Na

Per Larsen

Michael Franz

Stijn Volckaert

Affiliation

External organisation

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:45451410-bcd5-4401-8bab-04f2adf53740

Published Date

07-07-2020

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Affiliation

External organisation

Abstract

N-Variant Execution (NVX) systems utilize artificial diversity techniques to enhance software security. The general idea is to run multiple different variants of the same program alongside each other while monitoring their diverging behavior on a malicious input. Existing NVX systems execute diversified program variants on a single host. This means the level of inter-variant diversity will be limited to what a single platform can offer, without costly emulation. This paper presents DMON, a novel distributed NVX design that executes native program variants across multiple heterogeneous hosts. Our approach greatly increases the level of diversity between the simultaneously running variants that can be supported, encompassing different ISAs and ABIs. Our evaluation shows that DMON can provide comparable performance to traditional, non-distributed NVX systems, while enhancing security.