DOI: 10.1145/3492321.3519558
Research article, EuroSys conference proceedings

Sharing is caring: secure and efficient shared memory support for MVEEs

Published: 28 March 2022

Abstract

Multi-Variant Execution Environments (MVEEs) are a powerful tool for protecting legacy software against memory corruption attacks. MVEEs employ software diversity to run multiple variants of the same program in lockstep, providing them with the same inputs and comparing their behavior. Well-constructed variants behave equivalently under normal operating conditions but diverge when under attack. The MVEE detects these divergences and takes action before compromised variants can damage the host system.
Existing MVEEs replicate inputs at the system call boundary and therefore do not support programs that use shared-memory IPC with other processes, since shared memory pages can be read from and written to directly, without any system call.
We analyzed modern applications, ranging from web servers and media players to browsers, and observed that they rely heavily on shared memory, in some cases for their basic functioning and in other cases for enabling more advanced functionality. It follows that modern applications cannot enjoy the security provided by MVEEs unless those MVEEs support shared-memory IPC.
This paper first identifies the requirements for supporting shared-memory IPC in an MVEE. We propose a design that involves techniques to identify and instrument accesses to shared memory pages, as well as techniques to replicate I/O through shared-memory IPC. We implemented these techniques in a prototype MVEE and report our findings through an evaluation of a range of benchmark programs. Our contributions enable the use of MVEEs on a far wider range of programs than previously supported. By overcoming one of the major remaining limitations of MVEEs, our contributions can help to bolster their real-world adoption.
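The abstract's core observation is that a monitor sitting at the system call boundary never sees a load or store to a shared page, because those are plain memory instructions. The following C program, added here as an illustration and not code from the paper or its prototype, makes that gap concrete and shows one well-known way a monitor can identify such accesses: revoke access to the page with mprotect(PROT_NONE), catch the resulting SIGSEGV, log the faulting address, restore access, and let the instruction re-execute. The anonymous MAP_SHARED page standing in for a real shared-memory IPC segment, the single-process "variant" and the counters are all constructed for this example; the paper's actual instrumentation design is not described on this page and is not what this code claims to reproduce.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Stand-in for a shared-memory IPC page (constructed for this example; a real
   monitor would learn about such pages from the mmap/shmat calls that create them). */
static volatile unsigned char *shared_page;
static size_t page_size;

/* The monitor's access log: number of trapped accesses and the last faulting address. */
static volatile sig_atomic_t trapped_accesses;
static void *volatile last_fault_addr;

/* SIGSEGV handler: record the access, re-enable the page, and return so the
   faulting instruction re-executes and completes normally. */
static void on_fault(int sig, siginfo_t *info, void *ctx) {
    (void)ctx;
    uintptr_t addr = (uintptr_t)info->si_addr;
    uintptr_t base = (uintptr_t)shared_page;
    if (sig != SIGSEGV || addr < base || addr >= base + page_size) {
        /* Not our page: a genuine crash. Restore the default action and let it happen. */
        signal(SIGSEGV, SIG_DFL);
        raise(SIGSEGV);
        return;
    }
    trapped_accesses++;
    last_fault_addr = info->si_addr;
    /* mprotect is a raw system call and therefore safe to use from a signal handler. */
    mprotect((void *)base, page_size, PROT_READ | PROT_WRITE);
}

/* Map one shared page and install the monitor's fault handler. Returns 0 on success. */
int setup_shared_page(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    shared_page = (volatile unsigned char *)p;

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* "Arm" the page: the next read or write of it traps into the monitor. */
int arm_page(void) {
    return mprotect((void *)shared_page, page_size, PROT_NONE);
}

/* Simulated variant behaviour: a store followed by a load, with no system call
   involved, which is exactly what a syscall-level monitor cannot observe. */
unsigned char variant_access(size_t offset, unsigned char value) {
    shared_page[offset] = value;
    return shared_page[offset];
}

int trapped_count(void) { return (int)trapped_accesses; }

int last_fault_offset(void) {
    return (int)((uintptr_t)last_fault_addr - (uintptr_t)shared_page);
}

int main(void) {
    if (setup_shared_page() != 0)
        return 1;
    variant_access(16, 0xAA); /* unarmed: completes silently, monitor sees nothing */
    printf("accesses observed before arming: %d\n", trapped_count());
    arm_page();
    variant_access(32, 0xBB); /* armed: store traps, is logged, then completes */
    printf("accesses observed after arming: %d (offset %d)\n",
           trapped_count(), last_fault_offset());
    return 0;
}
```

Two things the run makes visible: before arming, the variant's store and load leave no trace at all, and after arming only the first instruction to touch the page traps, because the handler restores access to let it complete. Re-arming after each trapped access, as the test does, is the cheapest way to keep observing; finer-grained coverage (every access, or per-thread ordering) needs heavier machinery, which is the kind of cost the paper's design has to manage.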


Cited By

  • (2024) System Call Interposition Without Compromise. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), doi:10.1109/DSN58291.2024.00030, pp. 183-194. Online publication date: 24-Jun-2024.
  • (2024) Reboot-Based Recovery of Unikernels at the Component Level. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), doi:10.1109/DSN58291.2024.00017, pp. 15-28. Online publication date: 24-Jun-2024.


Published In

EuroSys '22: Proceedings of the Seventeenth European Conference on Computer Systems
March 2022, 783 pages
ISBN: 9781450391627
DOI: 10.1145/3492321

Publisher

Association for Computing Machinery, New York, NY, United States


      Author Tags

      1. OS
      2. security
      3. shared memory


      Funding Sources

      • KU Leuven and the Fund for Scientific Research - Flanders (FWO)
      • VLAIO (Flanders Innovation & Entrepreneurship)

      Conference

      EuroSys '22

      Acceptance Rates

      Overall Acceptance Rate 241 of 1,308 submissions, 18%
