GHUMVEE: Efficient, Effective and Flexible Replication
Stijn Volckaert, Computer Systems Lab, ELIS department, Ghent University, Belgium
N-modular Redundancy
[Figure: one input is fed to three equivalent components (variant 1, variant 2, variant 3); a monitor compares their results and produces the output]
Replication
[Figure: Variant 1 and Variant 2 each run on their own libc; a Monitor sits between the variants and the Kernel/Hardware and sees every system call. Over time Variant 1 issues sys_read, sys_read, sys_exec while Variant 2 issues sys_read, sys_read, sys_read: the third calls disagree, which is the inconsistency the monitor is there to catch]
Replication Goals
- Run variants in parallel on the same inputs
- Detect inconsistent behavior
- Transparent to user and programmer
- Minimal overhead
- Support a wide range of diversity
- Run realistic programs

References:
Cox, B., Evans, D., et al.: N-variant systems: A secretless framework for security through diversity. In: Proc. USENIX Security Symposium (2006) 105-120
Berger, E., Zorn, B.: DieHard: probabilistic memory safety for unsafe languages. In: Proc. ACM PLDI (2006) 158-168
Bruschi, D., Cavallaro, L.: Diversified Process Replicae for Defeating Memory Error Exploits. In: Proc. IEEE IPCCC (2007) 434-441
Salamat, B., Jackson, T., et al.: Orchestra: A User Space Multi-Variant Execution Environment. In: Proc. EuroSys (2009) 33-46
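As an added example (my own code, not GHUMVEE's monitor): a minimal Linux lockstep monitor of the kind the Replication slide sketches. It starts every variant under ptrace, stops each of them at every system call entry, compares the system call number and the value-typed arguments, compares the bytes behind write() buffers instead of their addresses (pointers legitimately differ between variants), and reports the first divergence. Assumptions: Linux on x86-64 or AArch64 with glibc, single-threaded variants, and a deliberately tiny policy table in records_equivalent that only covers the calls the demonstration needs; the function names and return codes are mine.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_VARIANTS 4
enum { LOCKSTEP_DIVERGED = -1, LOCKSTEP_UNAVAILABLE = -2 };
typedef struct { long nr; unsigned long arg[3]; } SyscallRecord;

/* Deliberately tiny policy table (assumption, not GHUMVEE's): which arguments must match by value.
 * Pointer-valued arguments differ between variants by design, so they are never compared directly;
 * for write() the bytes they point to are compared instead (see run_lockstep). */
int records_equivalent(const SyscallRecord *a, const SyscallRecord *b) {
    if (a->nr != b->nr) return 0;
    switch (a->nr) {
    case SYS_read: case SYS_write: return a->arg[0] == b->arg[0] && a->arg[2] == b->arg[2]; /* fd, len */
    case SYS_exit: case SYS_exit_group: return a->arg[0] == b->arg[0];                      /* status */
    default: return 1;                       /* number only; a real monitor covers every syscall */
    }
}

/* fork+exec one variant under PTRACE_TRACEME; returns its pid, stopped at the post-exec SIGTRAP. */
static pid_t spawn_variant(char *const argv[]) {
    int status; pid_t pid = fork();
    if (pid == 0) { if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0) execv(argv[0], argv); _exit(127); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    return ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD) < 0 ? -1 : pid;
}

/* Resume until the next syscall stop (entry or exit): 1 = stopped, 0 = variant exited, -1 = error. */
static int step_to_syscall(pid_t pid) {
    int sig = 0, status;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0 || waitpid(pid, &status, 0) < 0) return -1;
        if (!WIFSTOPPED(status)) return 0;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) return 1;
        sig = WSTOPSIG(status);              /* ordinary signal: redeliver it (a real MVEE replicates it) */
    }
}

/* Syscall number and first three arguments at a syscall-entry stop (x86-64 and AArch64 only). */
static int get_record(pid_t pid, SyscallRecord *r) {
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
    r->nr = regs.orig_rax; r->arg[0] = regs.rdi; r->arg[1] = regs.rsi; r->arg[2] = regs.rdx;
#elif defined(__aarch64__)
    struct user_regs_struct regs; struct iovec iov = { &regs, sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) < 0) return -1;
    r->nr = regs.regs[8]; r->arg[0] = regs.regs[0]; r->arg[1] = regs.regs[1]; r->arg[2] = regs.regs[2];
#else
#error "syscall register layout not defined for this architecture"
#endif
    return 0;
}

/* Copy len bytes out of the tracee's address space, one word at a time. */
static int read_tracee(pid_t pid, unsigned long addr, unsigned char *out, size_t len) {
    for (size_t off = 0; off < len; off += sizeof(long)) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + off), NULL);
        if (w == -1 && errno) return -1;
        memcpy(out + off, &w, len - off < sizeof(long) ? len - off : sizeof(long));
    }
    return 0;
}

static int abort_all(const pid_t *pid, const int *done, int n, int rc) {
    for (int i = 0; i < n; i++) if (!done[i]) { kill(pid[i], SIGKILL); waitpid(pid[i], NULL, 0); }
    return rc;
}

/* Run nvariants programs in lockstep. Returns how many syscalls all variants agreed on before exiting,
 * LOCKSTEP_DIVERGED at the first mismatch, or LOCKSTEP_UNAVAILABLE when a variant could not be started
 * or traced (missing binary, ptrace forbidden by the sandbox). Single-threaded variants only. */
int run_lockstep(int nvariants, char *const *argvs[]) {
    pid_t pid[MAX_VARIANTS]; int done[MAX_VARIANTS] = {0};
    if (nvariants < 1 || nvariants > MAX_VARIANTS) return LOCKSTEP_UNAVAILABLE;
    for (int i = 0; i < nvariants; i++) if ((pid[i] = spawn_variant(argvs[i])) < 0) {
        for (int j = i; j < nvariants; j++) done[j] = 1;   /* never started: nothing to kill */
        return abort_all(pid, done, nvariants, LOCKSTEP_UNAVAILABLE);
    }
    for (int agreed = 0;; agreed++) {
        SyscallRecord rec[MAX_VARIANTS] = {{0}}; int first = -1, stopped = 0, exited = 0;
        for (int i = 0; i < nvariants; i++) if (!done[i]) {  /* 1. drive every live variant to its syscall entry */
            int r = step_to_syscall(pid[i]);
            if (r < 0 || (r == 1 && get_record(pid[i], &rec[i]) < 0))
                return abort_all(pid, done, nvariants, LOCKSTEP_UNAVAILABLE);
            if (r == 0) { done[i] = 1; exited++; } else { stopped++; if (first < 0) first = i; }
        }
        if (stopped == 0) return agreed;                  /* all variants exited */
        if (exited) return abort_all(pid, done, nvariants, LOCKSTEP_DIVERGED); /* some exited, others did not */
        unsigned char ref[256], buf[256];
        size_t n = rec[first].arg[2] < sizeof ref ? rec[first].arg[2] : sizeof ref;
        for (int i = 0; i < nvariants; i++) if (!done[i]) {  /* 2. compare every variant against the first */
            if (!records_equivalent(&rec[first], &rec[i])) return abort_all(pid, done, nvariants, LOCKSTEP_DIVERGED);
            if (rec[first].nr == SYS_write) {             /* output must match byte for byte */
                if (read_tracee(pid[i], rec[i].arg[1], i == first ? ref : buf, n) < 0)
                    return abort_all(pid, done, nvariants, LOCKSTEP_UNAVAILABLE);
                if (i != first && memcmp(ref, buf, n) != 0) return abort_all(pid, done, nvariants, LOCKSTEP_DIVERGED);
            }
        }
        for (int i = 0; i < nvariants; i++) if (!done[i]) {  /* 3. let the agreed syscall complete (exit stop) */
            int r = step_to_syscall(pid[i]);
            if (r < 0) return abort_all(pid, done, nvariants, LOCKSTEP_UNAVAILABLE);
            done[i] = (r == 0);                           /* exit_group never returns to user space */
        }
    }
}
```

Running the same program twice as two variants yields a positive count of agreed calls; running `echo hello` against `echo hellx` passes the whole loader phase (same syscall numbers, pointer arguments ignored) and diverges at the write() that prints the argument; when the sandbox forbids ptrace the monitor reports LOCKSTEP_UNAVAILABLE rather than a false divergence. Multithreaded variants would additionally need PTRACE_O_TRACECLONE and per-thread matching, which this sketch leaves out.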
Overview
- Introduction
- Replication
- GHUMVEE
  - Overview
  - Implementation challenges
    - Multithreading & synchronization
    - Address-sensitive behavior
- Evaluation
- Conclusions
Multithreading (1)
[Figure: Variant 1 and Variant 2 each run Thread1 and Thread2 on separate timelines above the Kernel and Hardware; one thread issues sys_brk and the other sys_open, and the two variants interleave these calls differently, so comparing one global system call stream per variant would report a spurious mismatch]
Multithreading (2)
[Figure: the same two variants and threads; the calls are now matched per thread, sys_open against sys_open and sys_brk against sys_brk, so corresponding threads are compared with each other rather than the variants' global streams]
User-space locking operations (1)
[Figure: Variant 1 and Variant 2 with Thread1 and Thread2 each; because threads take user-space locks in whatever order they happen to win them, Thread1 in one variant reaches sys_open while its counterpart in the other variant reaches sys_brk: corresponding threads diverge even when compared per thread]
User-space locking operations (2)
[Figure: the same scenario once the lock acquisitions are replicated between the variants: corresponding threads now reach the same call (sys_open, sys_open) in the same order]
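What the two "User-space locking operations" slides show, as an added example (my code, not the GHUMVEE interposer; the slides do not give its mechanism): the leader variant records the order in which its threads acquire a mutex into a log, and the follower variant lets a thread acquire the mutex only when the log says it is that thread's turn, so corresponding threads in both variants take the lock, and therefore reach their system calls, in the same order. Assumptions: POSIX threads, logical thread ids assigned in creation order, and a bounded in-memory log standing in for whatever shared channel a real monitor would use; the names SyncLog, replicated_lock and replay_log are mine.

```c
#include <pthread.h>
#include <string.h>

#define MAX_EVENTS 64
#define MAX_THREADS 16
enum { LEADER, FOLLOWER };

/* Replication log shared by the variants: the order in which logical threads acquired the lock.
 * (Assumption: an in-memory buffer; a real MVEE would move this between processes.) */
typedef struct {
    int ids[MAX_EVENTS], len;            /* filled by the leader */
    int next;                            /* replay cursor, advanced by the follower */
    pthread_mutex_t mu; pthread_cond_t cv;
} SyncLog;

typedef struct {
    int mode, tid, rounds;
    SyncLog *log;
    pthread_mutex_t *app_lock;           /* the application's own mutex */
    int *order, *count;                  /* shared: who actually took app_lock, in order */
} Worker;

/* Interposed lock: the leader records who got the lock, the follower waits until the log says it is its turn. */
static void replicated_lock(Worker *w) {
    SyncLog *log = w->log;
    if (w->mode == FOLLOWER) {
        pthread_mutex_lock(&log->mu);
        while (log->next < log->len && log->ids[log->next] != w->tid)
            pthread_cond_wait(&log->cv, &log->mu);
        pthread_mutex_unlock(&log->mu);
    }
    pthread_mutex_lock(w->app_lock);
    if (w->mode == LEADER) {             /* recorded while holding app_lock, so the log is in acquisition order */
        pthread_mutex_lock(&log->mu);
        if (log->len < MAX_EVENTS) log->ids[log->len++] = w->tid;
        pthread_mutex_unlock(&log->mu);
    }
}

/* Interposed unlock: the follower releases the next entry of the log. */
static void replicated_unlock(Worker *w) {
    pthread_mutex_unlock(w->app_lock);
    if (w->mode == FOLLOWER) {
        pthread_mutex_lock(&w->log->mu);
        w->log->next++;
        pthread_cond_broadcast(&w->log->cv);
        pthread_mutex_unlock(&w->log->mu);
    }
}

static void *worker(void *arg) {
    Worker *w = arg;
    for (int i = 0; i < w->rounds; i++) {
        replicated_lock(w);
        if (*w->count < MAX_EVENTS) w->order[(*w->count)++] = w->tid;  /* the application's critical section */
        replicated_unlock(w);
    }
    return NULL;
}

/* Run one variant: nthreads threads, each entering the critical section `rounds` times.
 * Returns the number of acquisitions and writes the observed order of thread ids to `order`. */
int run_variant(int mode, int nthreads, int rounds, SyncLog *log, int *order) {
    pthread_t th[MAX_THREADS]; Worker w[MAX_THREADS];
    pthread_mutex_t app_lock = PTHREAD_MUTEX_INITIALIZER; int count = 0;
    if (nthreads < 1 || nthreads > MAX_THREADS || nthreads * rounds > MAX_EVENTS) return -1;
    for (int t = 0; t < nthreads; t++) {
        w[t] = (Worker){ mode, t, rounds, log, &app_lock, order, &count };
        if (pthread_create(&th[t], NULL, worker, &w[t]) != 0) return -1;
    }
    for (int t = 0; t < nthreads; t++) pthread_join(th[t], NULL);
    return count;
}

/* Follower-only entry point: replay an acquisition log (as received from the leader). */
int replay_log(const int *ids, int n, int nthreads, int rounds, int *order) {
    SyncLog log = { .mu = PTHREAD_MUTEX_INITIALIZER, .cv = PTHREAD_COND_INITIALIZER };
    if (n > MAX_EVENTS) return -1;
    memcpy(log.ids, ids, n * sizeof(int)); log.len = n;
    return run_variant(FOLLOWER, nthreads, rounds, &log, order);
}

/* Leader runs freely and records; the follower replays. 1 if the follower reproduced the leader's order. */
int leader_follower_agree(int nthreads, int rounds) {
    SyncLog log = { .mu = PTHREAD_MUTEX_INITIALIZER, .cv = PTHREAD_COND_INITIALIZER };
    int leader_order[MAX_EVENTS], follower_order[MAX_EVENTS];
    int n = run_variant(LEADER, nthreads, rounds, &log, leader_order);
    int m = run_variant(FOLLOWER, nthreads, rounds, &log, follower_order);
    return n > 0 && n == m && memcmp(leader_order, follower_order, n * sizeof(int)) == 0;
}
```

replay_log replays a log handed to the follower, and leader_follower_agree runs both variants in one process and checks that their acquisition orders are identical no matter how the scheduler interleaved the leader. replicated_lock is what the Transparency slide's "functions that need interception" amounts to for pthread_mutex_lock: the interposer must wrap the real call, which is why such functions must not be inlined away.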
Address-Sensitive Behavior
[Figure: the same objects live at different addresses in each variant. Variant 1 has Object 1 at 0xd4cab9, Object 2 at 0xdcd4c7 and Object 3 at 0x7c756c; Variant 2 has Object 1 at 0xf0ebe2 and Object 2 at 0xb8a98f. Memory comes from the Kernel through sys_mmap2, so any behavior that depends on these addresses, for instance ordering or hashing by pointer value, differs between variants]
Benchmarks
[Figure: SPEC2006 benchmarks; y-axis relative performance in percent (0-100); one bar per configuration: no MVEE (1 variant), no MVEE (2 variants), MVEE (2 variants), MVEE (3 variants), MVEE (4 variants)]
Measured on a Core i7-870 quad-core system
Supported Programs
[Figure: supported programs]
Problematic features
Columns (features): Multi-threaded, Custom Sync, Address Sensitive, Shared Mem, Mem-mapped I/O, Time-aware (rdtsc), Self-aware (/proc)
Rows (programs): Glibc, Glib (GNOME), kcalc, firefox, LibreOffice, MPlayer
[Table: the marks showing which program has which feature are not present in this text version]
Transparency
For the user: startup overhead
For the programmer: indicate the names of functions that need interception, and do not inline these functions

Interposer library (lines of C code):
  interposer (header files)   base 260   lib 654
  standard library            libc 766   pthread 829
  total                       2509

Application libraries (lines of C code):
  glib 105   gtk 54   orbit 78   pango 54   libreoffice 183
  total 474
Conclusions
- Realistic programs
- Limited performance overhead (~15%)
- Limitations for programmers