Rave: A Modular and Extensible Framework for Program State Re-Randomization

C Blackburn, X Wang, B Ravindran - … of the 9th ACM Workshop on …, 2022 - dl.acm.org
C Blackburn, X Wang, B Ravindran
Proceedings of the 9th ACM Workshop on Moving Target Defense, 2022dl.acm.org
Dynamic software diversification is an effective way to boost software security. Existing
diversification-based approaches often target a single node environment and leverage in-
process agents to diversify code and data, resulting in an unnecessary attack surface on a
fixed software/hardware stack. This paper presents Rave, a practical system designed to
enable out-of-bound program state shuffling on a moving target environment, avoiding any
sensitive agent code invoked within the running target. Rave relies on a user-space page …
Dynamic software diversification is an effective way to boost software security. Existing diversification-based approaches often target a single node environment and leverage in-process agents to diversify code and data, resulting in an unnecessary attack surface on a fixed software/hardware stack. This paper presents Rave, a practical system designed to enable out-of-bound program state shuffling on a moving target environment, avoiding any sensitive agent code invoked within the running target. Rave relies on a user-space page fault handling mechanism introduced in the latest Linux kernel and seamlessly integrates with CRIU, the battle-tested process migration tool for Linux.
Rave consists of two components: librave, a library for static binary analysis and instrumentation, and CRIU-Rave, a runtime that dynamically updates program execution states (e.g., internal stack data layout and the machine node the program runs on). We built a prototype of Rave and evaluated it with four real-world server applications and 13 applications from the SPEC CPU 2017 and the SNU C version of NAS Parallel Benchmarks (NPB) benchmark suites. We demonstrated that Rave can continuously re-randomize the program state (e.g., internal stack layout, instruction sequences, and machine node to run on). The evaluation shows that Rave increases the internal program state entropy with an additional ≈200 ms time overhead for each re-randomization epoch on average.
ACM Digital Library
以上显示的是最相近的搜索结果。 查看全部搜索结果

Google学术搜索按钮

example.edu/paper.pdf
搜索
获取 PDF 文件
引用
References