Abstract | ||
---|---|---|
A number of security mechanisms have been proposed to harden programs written in unsafe languages, each of which mitigates a specific type of memory error. Intuitively, enforcing multiple security mechanisms on a target program will improve its overall security. However, this is not yet a viable approach in practice because the execution slowdown caused by various security mechanisms is often non-linearly accumulated, making the combined protection prohibitively expensive; further, most security mechanisms are designed for independent or isolated uses and thus are often in conflict with each other, making it impossible to fuse them in a straightforward way. In this paper, we present BUNSHIN, an N-version based system that enables different and even conflicting security mechanisms to be combined to secure a program while at the same time reducing the execution slowdown. In particular, we propose an automated mechanism to distribute runtime security checks in multiple program variants in such a way that conflicts between security checks are inherently eliminated and execution slowdown is minimized with parallel execution. We also present an N-version execution engine to seamlessly synchronize these variants so that all distributed security checks work together to guarantee the security of a target program. |
Year | Venue | Field |
---|---|---|
2017 | 2017 USENIX ANNUAL TECHNICAL CONFERENCE (USENIX ATC '17) | Security testing, Security through obscurity, Computer security, Asset (computer security), Computer science, Software security assurance, Covert channel, Real-time computing, Security bug, Security information and event management, Computer security model, Distributed computing |
DocType | Citations | PageRank |
---|---|---|
Conference | 3 | 0.38 |
References | Authors | |
---|---|---|
27 | 4 | |
Name | Order | Citations | PageRank |
---|---|---|---|
Meng Xu | 1 | 211 | 18.89 |
Kangjie Lu | 2 | 241 | 14.89 |
Taesoo Kim | 3 | 809 | 51.85 |
Wenke Lee | 4 | 9351 | 628.83 |