Multi-variant Execution at the Edge
Document type:
Conference paper with proceedings
DOI:
Title:
Multi-variant Execution at the Edge
Author(s):
Cabrera-Arteaga, Javier [Author]
KTH Royal Institute of Technology [Stockholm] [KTH]
Laperdrix, Pierre [Author]
Self-adaptation for distributed services and large software systems [SPIRALS]
Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Monperrus, Martin [Author]
KTH Royal Institute of Technology [Stockholm] [KTH]
Baudry, Benoit [Author]
KTH Royal Institute of Technology [Stockholm] [KTH]
Scientific event title:
MTD 2022 - 9th ACM Workshop on Moving Target Defense
City:
Los Angeles
Country:
United States of America
Start date of the scientific event:
2022-11-07
English keyword(s):
Diversification
Moving Target Defense
Edge-Cloud computing
Multivariant execution
WebAssembly
HAL discipline(s):
Computer Science [cs]/Web
English abstract: [en]
Edge-Cloud computing offloads parts of the computations that traditionally occur in the cloud to edge nodes. The binary format WebAssembly is increasingly used to distribute and deploy services on such platforms. Edge-Cloud computing providers let their clients deploy stateless services in the form of WebAssembly binaries, which are then translated to machine code, sandboxed and executed at the edge. In this context, we propose a technique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime. Thus, an attacker cannot exploit all edge nodes with the same payload. Given a service, we automatically synthesize functionally equivalent variants for the functions providing the service. All the variants are then wrapped into a single multivariant WebAssembly binary. When the service endpoint is executed, every time a function is invoked, one of its variants is randomly selected. We implement this technique in the MEWE tool and we validate it with 7 services for which MEWE generates multivariant binaries that embed hundreds of function variants. We execute the multivariant binaries on the worldwide edge platform provided by Fastly, as part of a research collaboration. We show that multivariant binaries exhibit a real diversity of execution traces across the whole edge platform distributed around the globe.
Language:
English
Peer reviewed:
Yes
Audience:
International
Popular science:
No
Collections:
Source:
Files
- https://hal.archives-ouvertes.fr/hal-03824601/document
- Open access
- Access the document
- multi-variant.pdf
- Open access
- Access the document