Affiliation:
1. Imperial College London, London, United Kingdom
Abstract
With the widespread availability of multi-core processors, running multiple diversified variants or several different versions of an application in parallel is becoming a viable approach for increasing the reliability and security of software systems. The key component of such N-version execution (NVX) systems is a runtime monitor that enables the execution of multiple versions in parallel. Unfortunately, existing monitors impose either a large performance overhead or rely on intrusive kernel-level changes. Moreover, none of the existing solutions scales well with the number of versions, since the runtime monitor acts as a performance bottleneck.
In this paper, we introduce Varan, an NVX framework that combines selective binary rewriting with a novel event-streaming architecture to significantly reduce performance overhead and scale well with the number of versions, without relying on intrusive kernel modifications.
Our evaluation shows that Varan can run NVX systems based on popular C10k network servers with only a modest performance overhead, and can be effectively used to increase software reliability using techniques such as transparent failover, live sanitization and multi-revision execution.
Funder
Google
Engineering and Physical Sciences Research Council
Publisher
Association for Computing Machinery (ACM)
Reference47 articles.
1. A. Alexandrov P. Kmiec and K. Schauser. Consh: Confined execution environment for Internet computations. http://itslab.inf.kyushu-u.ac.jp/ssr/Links/alexandrov98consh.pdf Dec. 1998. A. Alexandrov P. Kmiec and K. Schauser. Consh: Confined execution environment for Internet computations. http://itslab.inf.kyushu-u.ac.jp/ssr/Links/alexandrov98consh.pdf Dec. 1998.
2. The Case for Energy-Proportional Computing
3. CoreDet
4. DieHard
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献