Deploying Dynamic Analyses and Preventing Compiler Backdoors with Multi-Version Execution

Abstract

Bug-finding tools based on dynamic analysis (DA), such as Valgrind or the compiler sanitizers provided by Clang and GCC, have become ubiquitous during software development. These analyses are precise but incur a large performance overhead (often several times slower than native execution), which makes them prohibitively expensive to use in production.

Multi-version execution allows multiple program versions to run concurrently as long as they behave in the same way (i.e., issue the same sequence of system calls). In this talk, I will present early work on the exciting possibility of deploying expensive dynamic analyses in production code using multi-version execution. I will also describe how multi-version execution can be used to detect compiler backdoors in security sensitive programs.
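The equivalence rule the paragraph above describes (versions may keep running only while they issue the same sequence of system calls) can be made concrete with a lockstep trace comparison. The following is an added illustration, not code from the talk or from any multi-version execution system; the program name ./server, the two strace-style traces and the address 192.0.2.1 are all constructed for the example. It parses a reference trace and two alternative traces, one from a benign rebuild and one from a build whose compiler inserted a phone-home, and reports the first call at which the sequences part ways.

```python
"""Lockstep comparison of system-call traces, illustrating the rule that
multi-version execution enforces: two versions may keep running only while
they issue the same sequence of system calls. Added example, not code from
the talk; the traces below are constructed in strace's output format."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One strace-style line has the shape: name(args) = return value
SYSCALL_RE = re.compile(r"^(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)")


@dataclass(frozen=True)
class Syscall:
    name: str
    args: str
    ret: str


@dataclass(frozen=True)
class Divergence:
    index: int                  # position in the trace where the versions part ways
    leader: Optional[Syscall]   # None if the leader's trace ended first
    follower: Optional[Syscall]  # None if the follower's trace ended first


def parse_trace(text: str) -> List[Syscall]:
    """Parse strace-like output into a list of Syscall records."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("+++"):   # blank lines and exit markers
            continue
        m = SYSCALL_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable trace line: {line!r}")
        calls.append(Syscall(m["name"], m["args"], m["ret"]))
    return calls


def compare_lockstep(leader: List[Syscall], follower: List[Syscall],
                     strict: bool = False) -> Optional[Divergence]:
    """Walk both traces side by side; return the first divergence or None.

    By default only the syscall names are compared: heap addresses, file
    descriptors and similar values legitimately differ between two builds of
    the same program, so a monitor comparing them would flag every run.
    strict=True also compares arguments and return values.
    """
    for i in range(max(len(leader), len(follower))):
        a = leader[i] if i < len(leader) else None
        b = follower[i] if i < len(follower) else None
        if a is None or b is None or a.name != b.name:
            return Divergence(i, a, b)
        if strict and (a.args, a.ret) != (b.args, b.ret):
            return Divergence(i, a, b)
    return None


# Constructed trace of the reference build of a hypothetical ./server.
NATIVE_TRACE = r"""
execve("./server", ["./server"], 0x7ffd3c2e1a40 /* 20 vars */) = 0
brk(NULL) = 0x55d0c7b2a000
openat(AT_FDCWD, "/etc/server.conf", O_RDONLY) = 3
read(3, "port=8080\n", 4096) = 10
close(3) = 0
write(1, "ready\n", 6) = 6
exit_group(0) = ?
+++ exited with 0 +++
"""

# Constructed trace of the same source built with a second compiler: the
# syscall sequence is identical, only the address returned by brk differs.
REBUILT_TRACE = NATIVE_TRACE.replace("0x55d0c7b2a000", "0x5600a1f3c000")

# Constructed trace of a build whose compiler inserted a backdoor: before the
# program's own output it opens a socket and connects out (192.0.2.1 is a
# documentation address, used here only as a placeholder).
BACKDOORED_TRACE = NATIVE_TRACE.replace(
    'write(1, "ready\\n", 6) = 6',
    'socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4\n'
    'connect(4, {sa_family=AF_INET, sin_port=htons(4444), '
    'sin_addr=inet_addr("192.0.2.1")}, 16) = 0\n'
    'write(1, "ready\\n", 6) = 6')


def main() -> None:
    native = parse_trace(NATIVE_TRACE)
    for label, other in (("rebuilt", REBUILT_TRACE), ("backdoored", BACKDOORED_TRACE)):
        d = compare_lockstep(native, parse_trace(other))
        if d is None:
            print(f"{label}: equivalent syscall sequence ({len(native)} calls)")
        else:
            lead = d.leader.name if d.leader else "EOF"
            follow = d.follower.name if d.follower else "EOF"
            print(f"{label}: diverges at call {d.index}: leader={lead} follower={follow}")


if __name__ == "__main__":
    main()
```

Run it with python3. The rebuilt binary passes the default name-only comparison and fails only in strict mode (on the brk return value), while the backdoored build diverges at its extra socket call regardless of mode. A real monitor intercepts the calls while both versions are running rather than comparing traces afterwards, and must additionally decide what to do when one version (for instance a sanitized build) aborts on a bug the other survives; neither is covered by this example.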

Talk given at UPC (Universitat Politècnica de Catalunya), Barcelona, Spain, in the context of the ICT COST Action IC1402.