Christian Wimmer

On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention

Todd Jackson, Babak Salamat, Gregor Wagner, Christian Wimmer, Michael Franz: On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention. In Proceedings of the International Workshop on Security Measurements and Metrics, article 7. ACM Press, 2010. doi:10.1145/1853919.1853929

Download as PDF
© ACM, 2010.

Abstract

Multi-variant program execution is an application of n-version programming, in which several slightly different instances of the same program are executed in lockstep on a multiprocessor. These variants are created in such a way that they behave identically under "normal" operation and diverge when "out of specification" events occur, which may be indicative of attacks. This paper assess the effectiveness of different code variation techniques to address different classes of vulnerabilities. In choosing a variant or combination of variants, security demands need to be balanced against run-time overhead. Our study indicates that a good combination of variations when running two variants is to choose one of instruction set randomization, system call number randomization, and register randomization, and use that together with library entry point randomization. Running more variants simultaneously makes it exponentially more difficult to take over the system.