Rave: A Modular and Extensible Framework for Program State Re-Randomization
Dynamic software diversification is an effective way to boost software security. Existing diversification-based approaches often target a single node environment and leverage in-process agents to diversify code and data, resulting in an unnecessary attack surface on a fixed software/hardware stack. This paper presents Rave, a practical system designed to enable out-of-bound program state shuffling on a moving target environment, avoiding any sensitive agent code invoked within the running target. Rave relies on a userspace page fault handling mechanism introduced in the latest Linux kernel and seamlessly integrates with CRIU , the battle-tested process migration tool for Linux.
Rave consists of two components: librave, a library for static binary analysis and instrumentation, and CRIU-Rave, a runtime that dynamically updates program execution states (e.g., internal stack data layout and the machine node the program runs on). We built a prototype of Rave and evaluated it with four real-world server applications and 13 applications from the SPEC CPU 2017 and the SNU C version of NAS Parallel Benchmarks (NPB) benchmark suites. We demonstrated that Rave can continuously re-randomize the program state (e.g., internal stack layout, instruction sequences, and machine node to run on). The evaluation shows that Rave increases the internal program state entropy with an additional ≈200 ms time overhead for each re-randomization epoch on average.