09. 01. 2015

Detecting Attacks Using Program Alternatives and ELKVM


Marta Tasic

TU Dresden

Verteidigung der Master-Arbeit

Buffer overflow is known to be the most common form of vulnerability in software that allows attackers to hijack a system by feeding a specially crafted input to a vulnerable application running on it. Many techniques have been developed to prevent an intrusion, but none of them provide an ultimate solution. Multi-variant execution involves running several slightly different versions of a program in parallel. Discrepancies in execution of the variants indicate an attack. I develop a multi-variant execution environment with the help of ELKVM library. I implement a multi-variant execution monitor which produces variants for a given application using custom program diversification techniques and runs them while comparing their behavior. The monitor runs as a Linux user-space application. It provides security to the application against many buffer overflow based attacks with the geometric-mean performance degradation of 18.2%, commonly affordable to security sensitive applications.
28. Oct 2020
· Copyright © 2001-2022 Operating Systems Group, TU Dresden | Impressum ·