Abstract
Memory error exploits rank among the most serious security threats. Of the plethora of memory error containment solutions proposed over the years, most have proven to be too weak in practice. Multi-Variant eXecution (MVX) solutions can potentially detect arbitrary memory error exploits via divergent behavior observed in diversified program variants running in parallel. However, none have found practical applicability in security due to their non-trivial performance limitations. In this paper, we present MvArmor, an MVX system that uses hardware-assisted process virtualization to monitor variants for divergent behavior in an efficient yet secure way. To provide comprehensive protection against memory error exploits, MvArmor relies on a new MVX-aware variant generation strategy. The system supports user-configurable security policies to tune the performance-security trade-off. Our analysis shows that MvArmor can counter many classes of modern attacks at the cost of modest performance overhead, even with conservative detection policies.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 |
| Publisher | Institute of Electrical and Electronics Engineers, Inc. |
| Pages | 431-442 |
| Number of pages | 12 |
| ISBN (Electronic) | 9781467388917 |
| DOIs | |
| Publication status | Published - 29 Sept 2016 |
| Event | 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 - Toulouse, France Duration: 28 Jun 2016 → 1 Jul 2016 |
Conference
| Conference | 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 |
|---|---|
| Country/Territory | France |
| City | Toulouse |
| Period | 28/06/16 → 1/07/16 |
Keywords
- Binary armoring
- Memory errors
- Multi-variant Execution
- Randomization
- Security
- Virtualization