RDACIA Runtime Defence Against Code Injection Attack Using N-Variant Approach
Author: K.A. Sheik Mydeen and V. Bala Murugan
Volume 1 No.1 January-June 2012 pp 43-46
Software vulnerabilities have been a major threat for decades. Security vulnerabilities in software permit attackers to compromise and misuse computer systems for various malicious purposes. Intrusion detection systems have an important role in detecting and disrupting attacks before they can compromise software. Multi-variant execution is an intrusion detection mechanism that executes several slightly different versions or variants of the same program in lockstep. The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. At run time, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm when a discrepancy is detected. We present a monitoring mechanism that does not need any kernel privileges to supervise the variants. As a result, the monitor runs entirely in user space. Our experiments show that the multi-variant execution technique is effective in detecting and preventing code injection attacks.
Code injection attack, malicious attack, n-variant execution, multi-variant execution, software fault tolerant
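The lockstep comparison described in the abstract can be sketched as a small simulation. This is an added example, not code from the paper: the function names, the request format, and the choice of differing buffer addresses as the variation between variants are all assumptions, since the abstract does not say how the variants are diversified.

```python
from itertools import zip_longest

def variant(base, request):
    """Toy variant (constructed model): yields the system calls it would make.
    `base` is this variant's buffer address; variants differ only in layout."""
    yield ("read", 0, len(request["data"]))
    ret = request.get("overwritten_ret")      # None for benign input
    if ret is not None:
        if ret == base:
            # The address baked into the input matches this variant's layout,
            # so control reaches the injected code.
            yield ("execve", "injected-payload")
        else:
            # Same address in a different layout: the jump goes nowhere valid.
            yield ("fault", "SIGSEGV")
        return
    yield ("write", 1, len(request["data"]))
    yield ("exit", 0)

def monitor(variants):
    """Step all variants in lockstep and compare them at every system call,
    which serves as the synchronization point in this sketch."""
    allowed = []
    # zip_longest pads with None, so a variant that stops early also diverges.
    for step, calls in enumerate(zip_longest(*variants)):
        if any(c != calls[0] for c in calls):
            return {"verdict": "alarm", "step": step,
                    "seen": calls, "allowed": allowed}
        allowed.append(calls[0])              # released only after agreement
    return {"verdict": "ok", "allowed": allowed}

def run(request, bases=(0x1000, 0x9000)):
    # Generators are lazy: no call is "performed" before it has been compared.
    return monitor([variant(b, request) for b in bases])

# Constructed sample inputs.
BENIGN = {"data": b"hello"}
INJECTED = {"data": b"A" * 64, "overwritten_ret": 0x1000}

if __name__ == "__main__":
    print(run(BENIGN))
    print(run(INJECTED))
```

For benign input both variants issue the same calls and the monitor lets them through; for the injected input the variants disagree at the second synchronization point, so the alarm is raised before the diverging call is released.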