Abstract
Faults in embedded systems are on the rise due to shrinking hardware feature sizes, increasing software complexity, and security vulnerabilities. Since such faults cannot be completely prevented, systems have to cope with their effects. Frequently, redundancy is used to achieve fault tolerance. However, with homogeneous redundancy common-cause faults such as software bugs or hardware faults in shared resources are not tolerated - diversity is needed.
In this paper, we highlight the potential of automatically introducing diversity via dynamic software diversity techniques. Recently, these techniques have attracted attention in the security domain. Furthermore, we present the idea of using such dynamic software diversity methods to create feedback-based systems that are able to adapt the execution of the program in such a way that the consequences of faults are leveraged. Finally, we demonstrate the approach with two use cases. We show that by using address space layout randomization - a widespread technique to prevent malicious attacks - it is possible to detect memory-related software bugs during runtime. Additionally, we illustrate the idea of adaptive dynamic software diversity by showing a simple example of how to recover from common-cause faults in the address decoder via software by inserting memory gaps with adjustable size.
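The detection idea from the abstract, as an added illustration that is not code from the paper: the same task is run as replicas under different memory layouts, and a mismatch in their results exposes a read that strays outside its buffer. The 256-byte address space, the three fixed layout offsets and the filler bytes are a constructed stand-in for real ASLR and for whatever neighbours a randomized layout would provide.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy address space; the "layout" is the offset at which the
 * task's buffer is placed, everything else is filler (stands in for ASLR). */
#define MEM_SIZE 256
#define BUF_LEN 8

typedef uint32_t (*task_fn)(const uint8_t *buf, size_t len);

/* Correct task: sums exactly len bytes. */
static uint32_t sum_correct(const uint8_t *buf, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i < len; i++) s += buf[i];
    return s;
}

/* Buggy task: off-by-one, reads one byte past the buffer (<= instead of <). */
static uint32_t sum_offbyone(const uint8_t *buf, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i <= len; i++) s += buf[i];
    return s;
}

/* Run one replica with the input placed at the given layout offset. Filler
 * bytes depend on the offset, so a read outside the buffer sees a different
 * neighbour in every layout. All accesses stay inside mem (no real UB). */
static uint32_t run_replica(task_fn task, const uint8_t *input, size_t offset) {
    uint8_t mem[MEM_SIZE];
    memset(mem, (int)(0x10 + offset), sizeof mem);
    memcpy(mem + offset, input, BUF_LEN);
    return task(mem + offset, BUF_LEN);
}

/* Diversity-based detector: replicas under different layouts must agree.
 * Returns 1 if a mismatch (suspected memory bug) is detected, else 0. */
static int detect_memory_bug(task_fn task, const uint8_t *input) {
    const size_t layouts[] = { 16, 64, 128 };
    uint32_t ref = run_replica(task, input, layouts[0]);
    for (size_t i = 1; i < sizeof layouts / sizeof layouts[0]; i++)
        if (run_replica(task, input, layouts[i]) != ref) return 1;
    return 0;
}

int main(void) {
    const uint8_t input[BUF_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    printf("correct task flagged:    %d\n", detect_memory_bug(sum_correct, input));
    printf("off-by-one task flagged: %d\n", detect_memory_bug(sum_offbyone, input));
    return 0;
}
```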
© 2015 Springer International Publishing Switzerland
Cite this paper
Höller, A., Rauter, T., Iber, J., Kreiner, C. (2015). Towards Dynamic Software Diversity for Resilient Redundant Embedded Systems. In: Fantechi, A., Pelliccione, P. (eds) Software Engineering for Resilient Systems. SERENE 2015. Lecture Notes in Computer Science, vol 9274. Springer, Cham. https://doi.org/10.1007/978-3-319-23129-7_2
DOI: https://doi.org/10.1007/978-3-319-23129-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23128-0
Online ISBN: 978-3-319-23129-7