Abstract
A number of security mechanisms have been proposed to harden programs written in unsafe languages, each of which mitigates a specific type of memory error. Intuitively, enforcing multiple security mechanisms on a target program will improve its overall security. However, this is not yet a viable approach in practice because the execution slowdown caused by various security mechanisms is often non-linearly accumulated, making the combined protection prohibitively expensive; further, most security mechanisms are designed for independent or isolated uses and thus are often in conflict with each other, making it impossible to fuse them in a straightforward way. In this paper, we present BUNSHIN, an N-version-based system that enables different and even conflicting security mechanisms to be combined to secure a program while at the same time reducing the execution slowdown. In particular, we propose an automated mechanism to distribute runtime security checks in multiple program variants in such a way that conflicts between security checks are inherently eliminated and execution slowdown is minimized with parallel execution. We also present an N-version execution engine to seamlessly synchronize these variants so that all distributed security checks work together to guarantee the security of a target program.
Original language | English (US) |
---|---|
Title of host publication | Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017 |
Publisher | USENIX Association |
Pages | 271-283 |
Number of pages | 13 |
ISBN (Electronic) | 9781931971386 |
State | Published - 2019 |
Event | 2017 USENIX Annual Technical Conference, USENIX ATC 2017 - Santa Clara, United States. Duration: Jul 12 2017 → Jul 14 2017 |
Publication series
Name | Proceedings of the 2017 USENIX Annual Technical Conference, USENIX ATC 2017 |
---|---|
Conference
Conference | 2017 USENIX Annual Technical Conference, USENIX ATC 2017 |
---|---|
Country/Territory | United States |
City | Santa Clara |
Period | 7/12/17 → 7/14/17 |
Bibliographical note
Funding Information: We thank our shepherd, Ittay Eyal, and the anonymous reviewers for their helpful feedback. This research was supported by NSF under award DGE-1500084, CNS-1563848, CRI-1629851, CNS-1017265, CNS-0831300, and CNS-1149051, ONR under grant N000140911042 and N000141512162, DHS under contract No. N66001-12-C-0133, United States Air Force under contract No. FA8650-10-C-7025, DARPA under contract No. DARPA FA8650-15-C-7556, and DARPA HR0011-16-C-0059, and ETRI MSIP/IITP[B0101-15-0644].
Publisher Copyright:
© USENIX Annual Technical Conference, USENIX ATC 2017. All rights reserved.