GHUMVEE: efficient, effective, and flexible replication
- Author
- Stijn Volckaert (UGent) , Bjorn De Sutter (UGent) , Tim De Baets (UGent) and Koen De Bosschere (UGent)
- Organization
- Abstract
- We present GHUMVEE, a multi-variant execution engine for software intrusion detection. GHUMVEE transparently executes and monitors diversified replicae of processes to thwart attacks relying on a predictable, single data layout. Unlike existing tools, GHUMVEE's interventions in the process' execution are not limited to system call invocations. Because of that design decision, GHUMVEE can handle complex, multi-threaded real-life programs that display non-deterministic behavior as a result of non-deterministic thread scheduling and as a result of pointer-value dependent behavior. This capability is demonstrated on GUI programs from the Gnome and KDE desktop environments.
- Keywords
- Non-determinism, Diversifed Process Replicae, Memory Exploits
Downloads
-
(...).pdf
- full text
- |
- UGent only
- |
- |
- 492.69 KB
Citation
Please use this url to cite or link to this publication: http://hdl.handle.net/1854/LU-4095035
- MLA
- Volckaert, Stijn, et al. “GHUMVEE: Efficient, Effective, and Flexible Replication.” Foundations and Practice of Security : 5th International Symposium, Proceedings, Springer, 2013, pp. 261–77.
- APA
- Volckaert, S., De Sutter, B., De Baets, T., & De Bosschere, K. (2013). GHUMVEE: efficient, effective, and flexible replication. Foundations and Practice of Security : 5th International Symposium, Proceedings, 261–277. Berlin, Germany: Springer.
- Chicago author-date
- Volckaert, Stijn, Bjorn De Sutter, Tim De Baets, and Koen De Bosschere. 2013. “GHUMVEE: Efficient, Effective, and Flexible Replication.” In Foundations and Practice of Security : 5th International Symposium, Proceedings, 261–77. Berlin, Germany: Springer.
- Chicago author-date (all authors)
- Volckaert, Stijn, Bjorn De Sutter, Tim De Baets, and Koen De Bosschere. 2013. “GHUMVEE: Efficient, Effective, and Flexible Replication.” In Foundations and Practice of Security : 5th International Symposium, Proceedings, 261–277. Berlin, Germany: Springer.
- Vancouver
- 1.Volckaert S, De Sutter B, De Baets T, De Bosschere K. GHUMVEE: efficient, effective, and flexible replication. In: Foundations and practice of security : 5th International Symposium, Proceedings. Berlin, Germany: Springer; 2013. p. 261–77.
- IEEE
- [1]S. Volckaert, B. De Sutter, T. De Baets, and K. De Bosschere, “GHUMVEE: efficient, effective, and flexible replication,” in Foundations and practice of security : 5th International Symposium, Proceedings, Montréal, QC, Canada, 2013, pp. 261–277.
@inproceedings{4095035,
abstract = {{We present GHUMVEE, a multi-variant execution engine for software intrusion detection. GHUMVEE transparently executes and monitors diversified replicae of processes to thwart attacks relying on a predictable, single data layout. Unlike existing tools, GHUMVEE's interventions in the process' execution are not limited to system call invocations. Because of that design decision, GHUMVEE can handle complex, multi-threaded real-life programs that display non-deterministic behavior as a result of non-deterministic thread scheduling and as a result of pointer-value dependent behavior. This capability is demonstrated on GUI programs from the Gnome and KDE desktop environments.}},
author = {{Volckaert, Stijn and De Sutter, Bjorn and De Baets, Tim and De Bosschere, Koen}},
booktitle = {{Foundations and practice of security : 5th International Symposium, Proceedings}},
isbn = {{9783642371189}},
keywords = {{Non-determinism,Diversifed Process Replicae,Memory Exploits}},
language = {{eng}},
location = {{Montréal, QC, Canada}},
pages = {{261--277}},
publisher = {{Springer}},
title = {{GHUMVEE: efficient, effective, and flexible replication}},
year = {{2013}},
}