Rave: A Modular and Extensible Framework for Program State Re-Randomization
| dc.contributor.author | Blackburn, Christopher | en |
| dc.contributor.author | Wang, Xiaoguang | en |
| dc.contributor.author | Ravindran, Binoy | en |
| dc.date.accessioned | 2023-03-07T13:19:56Z | en |
| dc.date.available | 2023-03-07T13:19:56Z | en |
| dc.date.issued | 2022-11-11 | en |
| dc.date.updated | 2023-01-23T15:13:58Z | en |
| dc.description.abstract | Dynamic software diversification is an effective way to boost software security. Existing diversification-based approaches often target a single node environment and leverage in-process agents to diversify code and data, resulting in an unnecessary attack surface on a fixed software/hardware stack. This paper presents Rave, a practical system designed to enable out-of-bound program state shuffling on a moving target environment, avoiding any sensitive agent code invoked within the running target. Rave relies on a userspace page fault handling mechanism introduced in the latest Linux kernel and seamlessly integrates with CRIU [10], the battle-tested process migration tool for Linux. Rave consists of two components: librave, a library for static binary analysis and instrumentation, and CRIU-Rave, a runtime that dynamically updates program execution states (e.g., internal stack data layout and the machine node the program runs on). We built a prototype of Rave and evaluated it with four real-world server applications and 13 applications from the SPEC CPU 2017 and the SNU C version of NAS Parallel Benchmarks (NPB) benchmark suites. We demonstrated that Rave can continuously re-randomize the program state (e.g., internal stack layout, instruction sequences, and machine node to run on). The evaluation shows that Rave increases the internal program state entropy with an additional ≈200 ms time overhead for each re-randomization epoch on average. | en |
| dc.description.version | Published version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.doi | https://doi.org/10.1145/3560828.3564008 | en |
| dc.identifier.uri | http://hdl.handle.net/10919/114045 | en |
| dc.language.iso | en | en |
| dc.publisher | ACM | en |
| dc.rights | Creative Commons Attribution 4.0 International | en |
| dc.rights.holder | The author(s) | en |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | en |
| dc.title | Rave: A Modular and Extensible Framework for Program State Re-Randomization | en |
| dc.type | Article - Refereed | en |
| dc.type.dcmitype | Text | en |