An NVX framework that combines selective binary rewriting with a novel event-streaming architecture to significantly reduce performance overhead and scale well with the number of versions.

Overview

With the widespread availability of multi-core processors, running multiple diversified variants or several different versions of an application in parallel is becoming a viable approach for increasing the reliability and security of software systems. The key component of such N-version execution (NVX) systems is a runtime monitor that enables the execution of multiple versions in parallel.

Unfortunately, existing monitors impose either a large performance overhead and/or rely on intrusive kernel-level changes. Moreover, none of the existing solutions scales well with the number of versions, since the runtime monitor acts as a performance bottleneck.

Varan is an NVX framework that combines selective binary rewriting with a novel event-streaming architecture to significantly reduce performance overhead and scale well with the number of versions, without relying on intrusive kernel modifications.

Our evaluation shows that Varan can run NVX systems based on popular C10k network servers with only a modest performance overhead, and can be effectively used to increase software reliability using techniques such as transparent failover, live sanitization and multi-version execution.

Research Support

This research project is generously sponsored by Google through a PhD Fellowship.

Publications

  • Mvedsua: Higher Availability Dynamic Software Updates via Multi-Version Execution

    Luís Pina, Anastasios Andronidis, Michael Hicks, Cristian Cadar

    International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019)

  • FreeDA: Deploying Incompatible Stock Dynamic Analyses in Production via Multi-Version Execution

    Luís Pina, Anastasios Andronidis, Cristian Cadar

    ACM International Conference on Computing Frontiers (CF 2018)

  • A DSL Approach to Reconcile Equivalent Divergent Program Executions

    Luís Pina, Daniel Grumberg, Anastasios Andronidis, Cristian Cadar

    USENIX Annual Technical Conference (USENIX ATC 2017)

  • Varan the Unbelievable: An Efficient N-version Execution Framework

    Petr Hosek, Cristian Cadar

    International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015)

  • Towards Deployment-Time Dynamic Analysis of Server Applications

    Luís Pina, Cristian Cadar

    International Workshop on Dynamic Analysis (WODA 2015)