Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space

Authors: Babak Salamat, Todd Jackson, Andreas Gal, Michael Franz

DOI: 10.1145/1519065.1519071

Abstract: In a Multi-Variant Execution Environment (MVEE), several slightly different versions of the same program are executed in lockstep. While this is done, a monitor compares behavior at certain synchronization points with the aim of detecting discrepancies which may indicate attacks. As we show, the monitor can be implemented entirely in user space, eliminating the need for kernel modifications. As a result, it is not part of the trusted code base. We have built a fully functioning MVEE, named Orchestra, and evaluated its effectiveness. We obtained benchmark results on a quad-core system, using two variants that grow the stack in opposite directions. The results show that the overall penalty of simultaneous execution and monitoring on a multi-core system averages about 15% relative to unprotected conventional
