Skip to main content
SpringerLink
Log in

GHUMVEE: Efficient, Effective, and Flexible Replication

  • Conference paper
Foundations and Practice of Security (FPS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7743))

Included in the following conference series:

Abstract

We present GHUMVEE, a multi-variant execution engine for software intrusion detection. GHUMVEE transparently executes and monitors diversified replicae of processes to thwart attacks relying on a predictable, single data layout. Unlike existing tools, GHUMVEE’s interventions in the process’ execution are not limited to system call invocations. Because of that design decision, GHUMVEE can handle complex, multi-threaded real-life programs that display non-deterministic behavior as a result of non-deterministic thread scheduling and as a result of pointer-value dependent behavior. This capability is demonstrated on GUI programs from the Gnome and KDE desktop environments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Akritidis, P., Costa, M., et al.: Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors. In: Proc. USENIX SSYM, pp. 51–66 (2009)

    Google Scholar 

  2. Aleph One: Smashing the stack for fun and profit. Phrack Magazine 7(49) (1996)

    Google Scholar 

  3. Anckaert, B.: Diversity for Software Protection. PhD thesis, Ghent University (2008)

    Google Scholar 

  4. Anckaert, B., Jakubowski, M., Venkatesan, R.: Proteus: virtualization for diversified tamper-resistance. In: Proc. ACM DRM, pp. 47–58 (2006)

    Google Scholar 

  5. Baratloo, A., Singh, N., Tsai, T.: Libsafe: Protecting critical elements of stacks. White paper, Bell Labs, Lucent Technologies (December 1999)

    Google Scholar 

  6. Berger, E., Zorn, B.: DieHard: probabilistic memory safety for unsafe languages. In: Proc. ACM PLDI, pp. 158–168 (2006)

    Google Scholar 

  7. Berger, E.D., Zorn, B.G., McKinley, K.S.: Reconsidering custom memory allocation. In: Proc. ACM OOPSLA, pp. 1–12 (2002)

    Google Scholar 

  8. Bruschi, D., Cavallaro, L.: Diversified Process Replicæfor Defeating Memory Error Exploits. In: Proc. IEEE IPCCC, pp. 434–441 (2007)

    Google Scholar 

  9. Cavallaro, L.: Comprehensive Memory Error Protection via Diversity and Taint-Tracking. PhD thesis, Universita Degli Studi Di Milano (2007)

    Google Scholar 

  10. Chen, S., Xu, J., Sezer, E., Gauriar, P.: Non-control-data attacks are realistic threats. In: Proc. USENIX SSYM (2005)

    Google Scholar 

  11. Chiueh, T.C., Hsu, F.H.: RAD: A Compile-Time Solution to Buffer Overflow Attacks. In: Proc. IEEE ICDCS, pp. 409–417 (2001)

    Google Scholar 

  12. Cowan, C., Pu, C., et al.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In: Proc. USENIX SSYM, pp. 26–29 (1998)

    Google Scholar 

  13. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities. In: Proc. USENIX SSYM, pp. 91–104 (2003)

    Google Scholar 

  14. Cox, B., Evans, D., et al.: N-variant systems: A secretless framework for security through diversity. In: Proc. USENIX SSYM, pp. 105–120 (2006)

    Google Scholar 

  15. Curry, T.W.: Profiling and Tracing Dynamic Library Usage Via Interposition. In: Proc. USENIX USTC, pp. 267–278 (1994)

    Google Scholar 

  16. Holtmann, M.: Secure Programming with GCC and GLibc (2008)

    Google Scholar 

  17. Franke, H., Russell, R., Kirkwood, M.: Fuss, Futexes and Furwocks: Fast Userlevel Locking in Linux. In: Proc. Ottowa Linux Symposium (2002)

    Google Scholar 

  18. Hunt, G., Brubacher, D.: Detours: Binary Interception of Win32 Functions. In: Proc. USENIX WINSYM (1999)

    Google Scholar 

  19. IBM Research: GCC extension for protecting applications from stack-smashing attacks (2005)

    Google Scholar 

  20. Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In: Proc. ACSAC, pp. 339–348 (2006)

    Google Scholar 

  21. McGregor, J.P., Karig, D.K., Shi, Z., Lee, R.B.: A Processor Architecture Defense against Buffer Overflow Attacks (2003)

    Google Scholar 

  22. Microsoft Corporation: Data Execution Prevention

    Google Scholar 

  23. Microsoft Corporation: Security Enhancements in the CRT

    Google Scholar 

  24. Microsoft Corporation: Visual C++ Linker Options: /GS (Buffer Security Check) (2002)

    Google Scholar 

  25. Miller, T.C., de Raadt, T.: strlcpy and strlcat Consistent, Safe, String Copy and Concatenation. In: Proc. USENIX ATEC, pp. 175–178 (1999)

    Google Scholar 

  26. Molnar, I.: ”Exec Shield”, new Linux security feature

    Google Scholar 

  27. Nergal: The advanced return-into-lib(c) exploits. Phrack Magazine 12(58) (2001)

    Google Scholar 

  28. Nguyen-Tuong, A., Evans, D., Knight, J.C., Cox, B., Davidson, J.W.: Security through redundant data diversity. In: Proc. IEEE DSN, pp. 187–196 (2008)

    Google Scholar 

  29. PaX Team: Address Space Layout Randomization (2004)

    Google Scholar 

  30. Roemer, R., Buchanan, E., et al.: Return-oriented programming: Systems, languages, and applications. ACM Trans. Inf. Syst. Secur. 15, 2:1–2:34 (2012)

    Article  Google Scholar 

  31. Ronsse, M., De Bosschere, K.: RecPlay: A Fully Integrated Practical Record/Replay System. ACM Trans. Comp. Sys. 17(2), 133–152 (1999)

    Article  Google Scholar 

  32. Salamat, B., Gal, A., Franz, M.: Reverse stack execution in a multi-variant execution environment. In: CATARS Workshop (2008)

    Google Scholar 

  33. Salamat, B., Jackson, T., et al.: Orchestra: A User Space Multi-Variant Execution Environment. In: Proc. EuroSys, pp. 33–46 (2009)

    Google Scholar 

  34. Salamat, B.: Multi-Variant Execution: Run-Time Defense against Malicious Code Injection Attacks. PhD thesis, University of California, Irvine (2009)

    Google Scholar 

  35. Salamat, B., Gal, A., et al.: Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities. In: Proc. CICIS, pp. 843–848 (2008)

    Google Scholar 

  36. Salamat, B., Jackson, T., et al.: Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space. In: Proc. EuroSys, pp. 33–46 (2009)

    Google Scholar 

  37. Shacham, H., Goh, E.J., Modadugu, N., Pfaff, B., Boneh, D.: On the effectiveness of address-space randomization (2004)

    Google Scholar 

  38. The GNU C Library: Copying and Concatenation

    Google Scholar 

  39. Thorvalds, L.: Linux Programmer’s Manual

    Google Scholar 

  40. Tsai, T., Singh, N.: Libsafe 2.0: Detection of Format String Vulnerability Exploits (2001)

    Google Scholar 

  41. Williams, D., Hu, W., et al.: Security through Diversity: Leveraging Virtual Machine Technology. IEEE Security & Privacy 7(1), 26–33 (2009)

    Article  Google Scholar 

  42. Xiong, W., Park, S., Zhang, J., Zhou, Y., Ma, Z.: Ad hoc synchronization considered harmful. In: Proc. USENIX OSDI, pp. 1–8 (2010)

    Google Scholar 

  43. Xu, J., Kalbarczyk, Z., Iyer, R.K.: Transparent Runtime Randomization for Security. In: Proc. SRDS 2003, pp. 260–269 (2003)

    Google Scholar 

  44. Younan, Y., Philippaerts, P., et al.: Paricheck: an efficient pointer arithmetic checker for C programs. In: Proc. ASIACCS, pp. 145–156 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Systems Lab, Ghent University, Belgium

    Stijn Volckaert, Bjorn De Sutter, Tim De Baets & Koen De Bosschere

Authors
  1. Stijn Volckaert
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bjorn De Sutter
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tim De Baets
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Koen De Bosschere
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TELECOM SudParis, 9 rue Charles Fourier, 91011, Evry, CEDEX, France

    Joaquin Garcia-Alfaro

  2. TELECOM Bretagne, 2 rue de la Châtaigneraie, 35512, Cesson Sévigné, CEDEX, France

    Frédéric Cuppens  & Nora Cuppens-Boulahia  & 

  3. Ryerson University, 245 Church Street, M5B 2K3, Toronto, ON, Canada

    Ali Miri

  4. Université Laval, 1065 avenue de la médecine, G1V 0A6, Quebec, Canada

    Nadia Tawbi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Volckaert, S., De Sutter, B., De Baets, T., De Bosschere, K. (2013). GHUMVEE: Efficient, Effective, and Flexible Replication. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds) Foundations and Practice of Security. FPS 2012. Lecture Notes in Computer Science, vol 7743. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37119-6_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37119-6_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37118-9

  • Online ISBN: 978-3-642-37119-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation