Better Late Than Never: An n-Variant Framework of Verification for Java Source Code on CPU x GPU Hybrid Platform
Proceedings of the 28th International Symposium on High-Performance Parallel and Distributed Computing (2019)
Abstract
A method of detecting malicious intrusions and runtime faults in software is proposed, which replicates untrusted computations onto two diverse but often co-located instruction architectures: CPU and GPU. Divergence between the replicated computations signals an intrusion or fault, such as a zero-day exploit. A prototype implementation for Java demonstrates that the approach is realizable in practice, and can successfully detect exploitation of Java VM and runtime system vulnerabilities even when the vulnerabilities are not known in advance to defenders. To achieve acceptable performance, it is shown that GPU parallelism can be leveraged to rapidly validate CPU computations that would otherwise exhibit unacceptable performance if executed on GPU alone. The resulting system detects anomalies in CPU computations on a short delay, during which the GPU replica quickly validates many CPU computation fragments in parallel in order to catch up with the CPU computation. Significant differences between the CPU and GPU computational models lead to high natural diversity between the replicas, affording detection of large exploit classes without laborious manual diversification of the code.
Keywords
intrusion detection, java, n-variant, software engineering, software exploit detection, software reliability