Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROSYS
2009
ACM
2009
ACM
Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space
In a Multi-Variant Execution Environment (MVEE), several slightly different versions of the same program are executed in lockstep. While this is done, a monitor compares the behavior of the versions at certain synchronization points with the aim of detecting discrepancies which may indicate attacks. As we show, the monitor can be implemented entirely in user space, eliminating the need for kernel modifications. As a result, the monitor is not a part of the trusted code base. We have built a fully functioning MVEE, named Orchestra, and evaluated its effectiveness. We obtained benchmark results on a quad-core system, using two variants which grow the stack in opposite directions. The results show that the overall penalty of simultaneous execution and monitoring of two variants on a multi-core system averages about 15% relative to unprotected conventional execution. Categories and Subject Descriptors D.4.6 [Operating Systems]: Security and Protection — Security kernels; K.6.5 [Managem...
Real-time TrafficEUROSYS 2009 | Multi-Variant Execution Environment | Security Keywords Process | System Software | Unprotected Conventional Execution |
| Added | 10 Mar 2010 |
| Updated | 10 Mar 2010 |
| Type | Conference |
| Year | 2009 |
| Where | EUROSYS |
| Authors | Babak Salamat, Todd Jackson, Andreas Gal, Michael Franz |
Comments (0)
Researcher Info
|
