Varan the Unbelievable: An Efficient N-version Execution Framework
Petr Hosek, Imperial College London
Abstract: With the widespread availability of multi-core processors, running multiple diversified variants or several different versions of an application in parallel is becoming a viable approach for increasing the reliability and security of software systems. The key component of such N-version execution (NVX) systems is a runtime monitor that enables the execution of multiple versions in parallel. Unfortunately, existing monitors impose either a large performance overhead and/or rely on intrusive kernel-level changes. Moreover, none of the existing solutions scales well with the number of versions, since the runtime monitor acts as a performance bottleneck. In this talk, I will introduce Varan, an NVX framework that combines binary rewriting with a novel event-streaming architecture to significantly reduce performance overhead and scale well with the number of versions, without relying on intrusive kernel modifications. Our evaluation shows that Varan can run NVX systems based on popular C10k network servers with only a modest performance overhead, and can be effectively used to increase software reliability using techniques such as transparent failover, multi-version execution and live sanitization.
About the speaker
Petr (http://srg.doc.ic.ac.uk/people/petr-hosek/) is a final-year doctoral student in the Department of Computing at Imperial College London, where he works in the Software Reliability Group under the supervision of Dr Cristian Cadar. He has an MSc and a BSc in Computer Science from Charles University in Prague, where he specialised in software engineering and dependable systems. Petr‘s research interests include software reliability and security engineering, and his PhD work explores novel techniques for improving the reliability of software updates in the context of modern parallel hardware platforms.