Secure and efficient multi-variant execution using hardware-assisted process virtualization

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Memory error exploits rank among the most serious security threats. Of the plethora of memory error containment solutions proposed over the years, most have proven to be too weak in practice. Multi-Variant eXecution (MVX) solutions can potentially detect arbitrary memory error exploits via divergent behavior observed in diversified program variants running in parallel. However, none have found practical applicability in security due to their non-trivial performance limitations. In this paper, we present MvArmor, an MVX system that uses hardware-assisted process virtualization to monitor variants for divergent behavior in an efficient yet secure way. To provide comprehensive protection against memory error exploits, MvArmor relies on a new MVX-aware variant generation strategy. The system supports user-configurable security policies to tune the performance-security trade-off. Our analysis shows that MvArmor can counter many classes of modern attacks at the cost of modest performance overhead, even with conservative detection policies.

Original languageEnglish
Title of host publicationProceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
PublisherInstitute of Electrical and Electronics Engineers, Inc.
Pages431-442
Number of pages12
ISBN (Electronic)9781467388917
DOIs
Publication statusPublished - 29 Sep 2016
Event46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 - Toulouse, France
Duration: 28 Jun 20161 Jul 2016

Conference

Conference46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
CountryFrance
CityToulouse
Period28/06/161/07/16

Keywords

  • Binary armoring
  • Memory errors
  • Multi-variant Execution
  • Randomization
  • Security
  • Virtualization

Fingerprint

Dive into the research topics of 'Secure and efficient multi-variant execution using hardware-assisted process virtualization'. Together they form a unique fingerprint.

Cite this