
sMVX: Multi-Variant Execution on Selected Code Paths

Published: 02 December 2024

Abstract

Multi-Variant Execution (MVX) is an effective way to detect memory corruption vulnerabilities, intrusions, or live software updates. A traditional MVX system concurrently runs multiple copies of functionally identical, layout-different program variants. Therefore, a typical memory corruption attack that forges pointers can succeed on at most one variant, leading the other variant(s) to crash. The replicated execution adds software security and reliability but also multiplies CPU and memory usage.
This paper presents sMVX, a flexible multi-variant execution system that replicates variants only on selected code paths. sMVX allows end-users to annotate a target program and indicate sensitive code regions for multi-variant execution. Such code regions can be authentication-related code or sensitive functions that handle potentially malicious input data. An sMVX runtime replicates only the sensitive functions and executes them in lockstep. We have implemented a prototype of sMVX using an in-process code monitor. The sMVX monitor supports MVX on the selected code paths from within the target program's address space, but the monitor is isolated from the target's code by Intel Memory Protection Keys (MPK). We evaluated sMVX using a benchmark suite and two server applications. The evaluation demonstrates that sMVX exhibits a performance overhead comparable to state-of-the-art MVX systems but requires 20% fewer CPU cycles and 49% less memory consumption on server applications.



      Published In

      Middleware '24: Proceedings of the 25th International Middleware Conference
      December 2024
      515 pages
      ISBN: 9798400706233
      DOI: 10.1145/3652892

      In-Cooperation

      • IFIP
      • Usenix

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. multi-variant execution
      2. memory protection
      3. software security

      Qualifiers

      • Research-article


      Conference

      Middleware '24: 25th International Middleware Conference
      December 2 - 6, 2024
      Hong Kong, Hong Kong

      Acceptance Rates

      Overall Acceptance Rate 203 of 948 submissions, 21%
