Enhancing server availability and security through failure-oblivious computing

Authors: Martin Rinard, Cristian Cadar, William S. Beebee, Daniel M. Roy, Tudor Leu

DOI:

Keywords: Call stack, Operating system, Memory corruption, Memory errors, Process (computing), Computing with Memory, Computer science, Data structure, Server, Interleaved memory

Abstract: We present a new technique, failure-oblivious computing, that enables servers to execute through memory errors without memory corruption. Our safe compiler for C inserts checks that dynamically detect invalid memory accesses. Instead of terminating or throwing an exception, the generated code simply discards invalid writes and manufactures values to return for invalid reads, enabling the server to continue its normal execution path. We have applied failure-oblivious computing to a set of widely-used servers from the Linux-based open-source computing environment. Our results show that our techniques 1) make these servers invulnerable to known security attacks that exploit memory errors, and 2) enable the servers to continue to operate successfully to service legitimate requests and satisfy the needs of their users even after attacks trigger their memory errors. We observed several reasons for this successful continued execution. When the memory errors occur in irrelevant computations, failure-oblivious computing enables the server to execute through the memory errors to continue on to execute the relevant computation. Even when the memory errors occur in relevant computations, failure-oblivious computing converts requests that trigger unanticipated and dangerous execution paths into anticipated invalid inputs, which the error-handling logic in the server rejects. Because servers tend to have small error propagation distances (localized computations that process one request have little or no effect on the computations that process subsequent requests), redirecting reads that would otherwise cause addressing errors and discarding writes that would otherwise corrupt critical data structures (such as the call stack) localizes the effect of the memory errors, prevents addressing exceptions from terminating the computation, and enables the server to continue on to process subsequent requests. The overall result is a substantial extension of the range of requests that the server can successfully process.
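As an added example (not code from the paper or its safe compiler), the C sketch below applies the abstract's rule of discarding invalid writes and manufacturing values for invalid reads: a bounds-tracked buffer stands in for the metadata the compiler would attach to a pointer, and `fo_buf`, `fo_write`, `fo_read`, `fo_strcpy`, `fo_demo` and the 0,1,2 value cycle are all assumptions of this example. An oversized copy into an 8-byte field then leaves the adjacent guard field intact instead of overwriting it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Bounds metadata a safe compiler would carry with a C pointer; hand-written
 * illustration of the idea, not the paper's compiler. */
typedef struct {
    unsigned char *base;
    size_t len;
    size_t discarded_writes;  /* invalid writes dropped instead of corrupting memory */
    size_t redirected_reads;  /* invalid reads answered with a manufactured value */
} fo_buf;
/* Manufacture a value for an invalid read. The 0,1,2,0,1,2,... cycle is an
 * assumption for this example: a varying value keeps a loop that tests it from
 * spinning forever on one constant. */
static unsigned char fo_manufacture(fo_buf *b) {
    return (unsigned char)(b->redirected_reads++ % 3);
}

void fo_write(fo_buf *b, size_t i, unsigned char v) {
    if (i < b->len) { b->base[i] = v; return; }
    b->discarded_writes++;      /* out of bounds: discard and keep executing */
}

unsigned char fo_read(fo_buf *b, size_t i) {
    if (i < b->len) return b->base[i];
    return fo_manufacture(b);   /* out of bounds: redirect and keep executing */
}

/* strcpy into a checked destination: bytes past the end are discarded. */
void fo_strcpy(fo_buf *dst, const char *src) {
    size_t i = 0;
    for (; src[i] != '\0'; i++) fo_write(dst, i, (unsigned char)src[i]);
    fo_write(dst, i, '\0');
}
/* Guard field sits right after a fixed-size name, where an unchecked strcpy
 * overflow would land. */
typedef struct { unsigned char name[8]; uint32_t guard; } record;
/* Copy a constructed oversized input into the name field. Returns the number
 * of discarded writes and reports whether the guard and the 8 copied bytes survived. */
size_t fo_demo(int *guard_intact, int *name_ok) {
    record r;
    memset(&r, 0, sizeof r);
    r.guard = 0xCAFEF00Du;
    fo_buf b = { r.name, sizeof r.name, 0, 0 };
    fo_strcpy(&b, "this-string-is-too-long");   /* 23 bytes + NUL into 8 */
    *guard_intact = (r.guard == 0xCAFEF00Du);
    *name_ok = (memcmp(r.name, "this-str", 8) == 0);
    return b.discarded_writes;                   /* 16 */
}
```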
