Rave: A Modular and Extensible Framework for Program State Re-Randomization

dc.contributor.authorBlackburn, Christopheren
dc.contributor.authorWang, Xiaoguangen
dc.contributor.authorRavindran, Binoyen
dc.date.accessioned2023-03-07T13:19:56Zen
dc.date.available2023-03-07T13:19:56Zen
dc.date.issued2022-11-11en
dc.date.updated2023-01-23T15:13:58Zen
dc.description.abstractDynamic software diversification is an effective way to boost software security. Existing diversification-based approaches often target a single node environment and leverage in-process agents to diversify code and data, resulting in an unnecessary attack surface on a fixed software/hardware stack. This paper presents Rave, a practical system designed to enable out-of-bound program state shuffling on a moving target environment, avoiding any sensitive agent code invoked within the running target. Rave relies on a userspace page fault handling mechanism introduced in the latest Linux kernel and seamlessly integrates with CRIU [10], the battle-tested process migration tool for Linux. Rave consists of two components: librave, a library for static binary analysis and instrumentation, and CRIU-Rave, a runtime that dynamically updates program execution states (e.g., internal stack data layout and the machine node the program runs on). We built a prototype of Rave and evaluated it with four real-world server applications and 13 applications from the SPEC CPU 2017 and the SNU C version of NAS Parallel Benchmarks (NPB) benchmark suites. We demonstrated that Rave can continuously re-randomize the program state (e.g., internal stack layout, instruction sequences, and machine node to run on). The evaluation shows that Rave increases the internal program state entropy with an additional ≈200 ms time overhead for each re-randomization epoch on average.en
dc.description.versionPublished versionen
dc.format.mimetypeapplication/pdfen
dc.identifier.doihttps://doi.org/10.1145/3560828.3564008en
dc.identifier.urihttp://hdl.handle.net/10919/114045en
dc.language.isoenen
dc.publisherACMen
dc.rightsCreative Commons Attribution 4.0 Internationalen
dc.rights.holderThe author(s)en
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/en
dc.titleRave: A Modular and Extensible Framework for Program State Re-Randomizationen
dc.typeArticle - Refereeden
dc.type.dcmitypeTexten
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
3560828.3564008.pdf
Size:
1.15 MB
Format:
Adobe Portable Document Format
Description:
Published version
License bundle
Now showing 1 - 1 of 1
Name:
license.txt
Size:
0 B
Format:
Item-specific license agreed upon to submission
Description: