Safe Software Updates via Multi-version Execution

Abstract

Software systems are constantly evolving, with new versions and patches being released on a continuous basis. Unfortunately, software updates present a high risk, with many releases introducing new bugs and security vulnerabilities.

We tackle this problem using a simple but effective multi-version-based approach. Whenever a new update becomes available, instead of upgrading the software to the new version, we run the new version in parallel with the old one; by carefully coordinating their executions and selecting the behavior of the more reliable version when they diverge, we create a more secure and dependable multi-version application.
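As an added illustration of the coordination described above (example code written for this page, not the authors' prototype, which targets native applications on multicore hardware), two versions of a header parser are run in lockstep on every request, their outcomes are compared, and one version's behavior is selected whenever they diverge. The handler names, the constructed regression in the new version, and the selection policy (use the survivor when one version crashes; prefer the old version on a silent difference) are assumptions made for this example.

```python
# Added example (not the paper's prototype): run two versions of a
# request handler in lockstep, compare their results per request, and
# select one version's behavior when they diverge. Names and the
# selection policy are assumptions made for this illustration.
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Any, Callable, Optional


def parse_header_v1(line: str) -> Optional[tuple]:
    """Old, well-exercised version: (name, value), or None if malformed."""
    if ":" not in line:
        return None
    name, value = line.split(":", 1)
    return name.strip(), value.strip()


def parse_header_v2(line: str) -> Optional[tuple]:
    """New version with two constructed changes: it lower-cases header
    names (an intentional behavior change) and it dropped the
    missing-colon check, so a line without ':' raises ValueError
    (the regression)."""
    sep = line.index(":")
    return line[:sep].strip().lower(), line[sep + 1:].strip()


@dataclass
class Divergence:
    request: Any
    old: tuple      # ("ok", result) or ("crash", repr(exception))
    new: tuple
    chosen: str     # which version's behavior was exposed to the caller


@dataclass
class MultiVersionRunner:
    old: Callable[[Any], Any]
    new: Callable[[Any], Any]
    divergences: list = field(default_factory=list)

    @staticmethod
    def _run(fn: Callable, request: Any) -> tuple:
        # A crash in one version must not take the service down, so it
        # is captured and compared like any other outcome.
        try:
            return ("ok", fn(request))
        except Exception as exc:
            return ("crash", repr(exc))

    def handle(self, request: Any) -> Any:
        # Both versions see the same input; run them in parallel, then
        # synchronize on the outcome before anything reaches the caller.
        with ThreadPoolExecutor(max_workers=2) as pool:
            f_old = pool.submit(self._run, self.old, request)
            f_new = pool.submit(self._run, self.new, request)
            old, new = f_old.result(), f_new.result()

        if old == new:
            if old[0] == "crash":
                raise RuntimeError(f"both versions failed: {old[1]}")
            return old[1]

        # Divergence policy (assumed for this example): on a crash, use
        # the surviving version; if both succeed with different results,
        # trust the version with the longer track record (the old one).
        chosen = "new" if old[0] == "crash" else "old"
        self.divergences.append(Divergence(request, old, new, chosen))
        return new[1] if chosen == "new" else old[1]


if __name__ == "__main__":
    runner = MultiVersionRunner(parse_header_v1, parse_header_v2)
    # Constructed sample requests: one where both agree, one silent
    # behavior change, one that crashes the new version.
    for line in ("content-length: 42", "Host: example.org", "garbage line"):
        print(repr(line), "->", runner.handle(line))
    for d in runner.divergences:
        print("divergence:", d)
```

The divergence log is the part a practitioner acts on: a crash recorded against the new version on an input the old version handled is exactly the regression the update would otherwise have shipped, while a silent difference such as the lower-cased header name flags a behavior change to review before the new version is ever trusted on its own.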

We have implemented this technique in a prototype system targeting multicore processors, and show that it can be applied successfully to several security-critical applications, such as Lighttpd and Redis.