short-paper

Double Helix and RAVEN: A System for Cyber Fault Tolerance and Recovery

Authors:

Jack W. Davidson,

Jason D. Hiser,

John C. Knight,

Anh Nguyen-Tuong,

Westley Weimer,

Jonathan Burket,

Gregory L. Frazier,

Tiffany M. Frazier,

Bruno Dutertre,

Natarajan Shankar,

Stephanie ForrestAuthors Info & Claims

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

Article No.: 17, Pages 1 - 4

https://doi.org/10.1145/2897795.2897805

Published: 05 April 2016 Publication History

Abstract

Cyber security research has produced numerous artificial diversity techniques such as address space layout randomization, heap randomization, instruction-set randomization, and instruction location randomization. To be most effective, these techniques must be high entropy and secure from information leakage which, in practice, is often difficult to achieve. Indeed, it has been demonstrated that well-funded, determined adversaries can often circumvent these defenses. To allow use of low-entropy diversity, prevent information leakage, and provide provable security against attacks, previous research proposed using low-entropy but carefully structured artificial diversity to create variants of an application and then run these constructed variants within a fault-tolerant environment that runs each variant in parallel and cross check results to detect and mitigate faults. If the variants are carefully constructed, it is possible to prove that certain classes of attack are not possible. This paper presents an overview and status of a cyber fault tolerant system that uses a low overhead multi-variant execution environment and precise static binary analysis and efficient rewriting technology to produce structured variants which allow automated verification techniques to prove security properties of the system. Preliminary results are presented which demonstrate that the system is capable of detecting unknown faults and mitigating attacks.

References

[1]

E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović. Randomized instruction set emulation. ACM Transactions on Information and System Security, 8(1):3--40, Feb. 2005.

Digital Library

[2]

A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, and D. Boneh. Hacking blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, pages 227--242, Washington, DC, USA, 2014. IEEE Computer Society.

Digital Library

[3]

D. Bruschi, L. Cavallaro, and A. Lanzi. Diversified process replicae for defeating memory error exploits. In IEEE International Conference on Performance, Computing, and Communications Conference, IPCCC'07, pages 434--441, April 2007.

[4]

C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7, SSYM'98, pages 5--5, Berkeley, CA, USA, 1998. USENIX Association.

Digital Library

[5]

B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, and J. Hiser. N-variant systems: A secretless framework for security through diversity. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, Berkeley, CA, USA, 2006. USENIX Association.

Digital Library

[6]

J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. W. Davidson. ILR: Where'd my gadgets go? In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 571--585, Washington, DC, USA, 2012. IEEE Computer Society.

Digital Library

[7]

C. Le Goues, T. V. Nguyen, S. Forrest, and W. Weimer. GenProg: A generic method for automatic software repair. IEEE Trans. Softw. Eng., 38(1):54--72, Jan. 2012.

Digital Library

[8]

B. Rodes, A. Nguyen-Tuong, J. D. Hiser, J. C. Knight, M. Co, and J. W. Davidson. Defense against stack-based attacks using speculative stack layout transformation. In S. Qadeer and S. Tasiran, editors, Runtime Verification, volume 7687 of Lecture Notes in Computer Science, pages 308--313. Springer Berlin Heidelberg, 2013.

[9]

G. F. Roglia, L. Martignoni, R. Paleari, and D. Bruschi. Surgically returning to randomized libC. In Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC '09, pages 60--69, Washington, DC, USA, 2009. IEEE Computer Society.

Digital Library

[10]

B. Salamat, T. Jackson, A. Gal, and M. Franz. Orchestra: Intrusion detection using parallel execution and monitoring of program variants in user-space. In Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys '09, pages 33--46, New York, NY, USA, 2009. ACM.

Digital Library

[11]

K. Scott and J. Davidson. Strata: A software dynamic translation infrastructure. In IEEE Workshop on Binary Translation, September 2001.

[12]

H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 552--561, New York, NY, USA, 2007. ACM.

Digital Library

[13]

H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04, pages 298--307, New York, NY, USA, 2004. ACM.

Digital Library

[14]

A. N. Sovarel, D. Evans, and N. Paul. Where's the FEEB? the effectiveness of instruction set randomization. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, SSYM'05, pages 10--10, Berkeley, CA, USA, 2005. USENIX Association.

Digital Library

[15]

S. Volckaert, B. De Sutter, T. De Baets, and K. De Bosschere. GHUMVEE: Efficient, effective, and flexible replication. In Proceedings of the 5th International Conference on Foundations and Practice of Security, FPS'12, pages 261--277, Berlin, Heidelberg, 2013. Springer-Verlag.

Digital Library

[16]

Checkpoint/restore in userspace. http://criu.org.

[17]

D. Williams, W. Hu, J. W. Davidson, J. D. Hiser, J. C. Knight, and A. Nguyen-Tuong. Security through diversity: Leveraging virtual machine technology. IEEE Security & Privacy, 7(1):26--33, Jan.--Feb. 2009.

Digital Library

[18]

J. Xu, Z. Kalbarczyk, and R. Iyer. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems, pages 260--269, oct. 2003.

Cited By

Espinoza AWood RForrest STiwari M(2022)Back to the future: N-Versioning of Microservices2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN53405.2022.00049(415-427)Online publication date: Jun-2022
https://doi.org/10.1109/DSN53405.2022.00049
Potteiger BCai FZhang ZKoutsoukos X(2021)Data space randomization for securing cyber-physical systemsInternational Journal of Information Security10.1007/s10207-021-00568-121:3(597-610)Online publication date: 6-Nov-2021
https://doi.org/10.1007/s10207-021-00568-1
Wei SZhang HZhang WYu H(2020)Conditional Probability Voting Algorithm Based on Heterogeneity of Mimic Defense SystemIEEE Access10.1109/ACCESS.2020.30313238(188760-188770)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3031323
Show More Cited By

Recommendations

Double-Sided Information Asymmetry in Double Extortion Ransomware
Decision and Game Theory for Security
Abstract
Double extortion ransomware attacks consist of an attack where victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence this leads to an increased willingness to pay a ransom, and higher ransoms, ...
Double edge-based traceback for wireless sensor networks

In some hostile environment, the sensor nodes can be captured by the adversary, the adversary can launch various attacks through the compromised nodes. In this paper, a double edge-based traceback DETrace scheme is proposed to reconstruct the attack ...
An Approach of Using Different Positions of Double Registers to Protect AES Hardware Structure from DPA
ISECS '10: Proceedings of the 2010 Third International Symposium on Electronic Commerce and Security

Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

April 2016

150 pages

ISBN:9781450337526

DOI:10.1145/2897795

General Chairs:
Joseph P. Trien
Oak Ridge National Laboratory
,
Stacy J. Prowell
Oak Ridge National Laboratory
,
John R. Goodall
Oak Ridge National Laboratory
,
Program Chair:
Robert A. Bridges
Oak Ridge National Laboratory

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Short-paper
Research
Refereed limited

Conference

CISRC '16

CISRC '16: 11th Annual Cyber and Information Security Research

April 5 - 7, 2016

TN, Oak Ridge, USA

Acceptance Rates

CISRC '16 Paper Acceptance Rate 11 of 28 submissions, 39%;

Overall Acceptance Rate 69 of 136 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
195
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)1

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Espinoza AWood RForrest STiwari M(2022)Back to the future: N-Versioning of Microservices2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN53405.2022.00049(415-427)Online publication date: Jun-2022
https://doi.org/10.1109/DSN53405.2022.00049
Potteiger BCai FZhang ZKoutsoukos X(2021)Data space randomization for securing cyber-physical systemsInternational Journal of Information Security10.1007/s10207-021-00568-121:3(597-610)Online publication date: 6-Nov-2021
https://doi.org/10.1007/s10207-021-00568-1
Wei SZhang HZhang WYu H(2020)Conditional Probability Voting Algorithm Based on Heterogeneity of Mimic Defense SystemIEEE Access10.1109/ACCESS.2020.30313238(188760-188770)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3031323
Jones JHiser JDavidson JForrest SLitoiu MClarke STei K(2019)Defeating denial-of-service attacks in a self-managing N-variant systemProceedings of the 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems10.1109/SEAMS.2019.00024(126-138)Online publication date: 25-May-2019
https://dl.acm.org/doi/10.1109/SEAMS.2019.00024
Cybenko GWellman MLiu PZhu M(2019)Overview of Control and Game Theory in Adaptive Cyber DefensesAdversarial and Uncertain Reasoning for Adaptive Cyber Defense10.1007/978-3-030-30719-6_1(1-11)Online publication date: 31-Aug-2019
https://doi.org/10.1007/978-3-030-30719-6_1
(2018)ReferencesThe Continuing Arms Race10.1145/3129743.3129753(261-281)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1145/3129743.3129753
Coppens BDe Sutter BVolckaert S(2018)Multi-variant execution environmentsThe Continuing Arms Race10.1145/3129743.3129752(211-258)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1145/3129743.3129752
Jin YSullivan DArias OSadeghi ADavi L(2018)Hardware control flow integrityThe Continuing Arms Race10.1145/3129743.3129751(181-210)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1145/3129743.3129751
Schuster FHolz T(2018)Attacking dynamic codeThe Continuing Arms Race10.1145/3129743.3129750(139-180)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1145/3129743.3129750
Göktas EAthanasopoulos EBos HPortokalidis G(2018)Evaluating control-flow restricting defensesThe Continuing Arms Race10.1145/3129743.3129749(117-137)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1145/3129743.3129749
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents