FreeDA: deploying incompatible stock dynamic analyses in production via multi-version execution
File(s)freeda-cf-18.pdf (1.17 MB)
Accepted version
Author(s)
Pina, Luis
Andronidis, Anastasios
Cadar, C
Type
Conference Paper
Abstract
Dynamic analyses such as those implemented by compiler sanitizers
and Valgrind are effective at finding and diagnosing challenging
bugs and security vulnerabilities. However, most analyses cannot
be combined on the same program execution, and they incur a
high overhead, which typically prevents them from being used in
production.
This paper addresses the ambitious goal of running concurrently
multiple incompatible stock dynamic analysis tools in production,
without requiring any modifications to the tools themselves or
adding significant runtime overhead to the deployed system. This is
accomplished using multi-version execution, in which the dynamic
analyses are run concurrently with the native version, all on the
same program execution.
We implement our approach in a system called
FreeDA
and show
that it is applicable to several common scenarios, involving network
servers and interactive applications. In particular, we show how
incompatible stock dynamic analyses implemented by Clang’s sani-
tizers and Valgrind can be used to check high-performance servers
such as Memcached, Nginx and Redis, and interactive applications
such as Git, HTop and OpenSSH.
and Valgrind are effective at finding and diagnosing challenging
bugs and security vulnerabilities. However, most analyses cannot
be combined on the same program execution, and they incur a
high overhead, which typically prevents them from being used in
production.
This paper addresses the ambitious goal of running concurrently
multiple incompatible stock dynamic analysis tools in production,
without requiring any modifications to the tools themselves or
adding significant runtime overhead to the deployed system. This is
accomplished using multi-version execution, in which the dynamic
analyses are run concurrently with the native version, all on the
same program execution.
We implement our approach in a system called
FreeDA
and show
that it is applicable to several common scenarios, involving network
servers and interactive applications. In particular, we show how
incompatible stock dynamic analyses implemented by Clang’s sani-
tizers and Valgrind can be used to check high-performance servers
such as Memcached, Nginx and Redis, and interactive applications
such as Git, HTop and OpenSSH.
Date Issued
2018-05-08
Date Acceptance
2018-03-09
Citation
CF '18: Proceedings of the 15th ACM International Conference on Computing Frontiers, 2018, pp.1-10
ISBN
9781450357616
Publisher
ACM
Start Page
1
End Page
10
Journal / Book Title
CF '18: Proceedings of the 15th ACM International Conference on Computing Frontiers
Copyright Statement
© 2018 ACM. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CF '18: Proceedings of the 15th ACM International Conference on Computing Frontiers (May 2018) https://dl.acm.org/doi/10.1145/3203217.3203237
Sponsor
Engineering & Physical Science Research Council (EPSRC)
Grant Number
EP/L002795/1
Source
ACM International Conference on Computing Frontiers (CF 2018)
Subjects
Science & Technology
Technology
Computer Science, Theory & Methods
Engineering, Electrical & Electronic
Computer Science
Engineering
Multi-version execution
sanitizers
Valgrind
Publication Status
Published
Start Date
2018-05-08
Finish Date
2018-05-10
Coverage Spatial
Ischia, Italy