Multi-variant Execution at the Edge
Document type :
Conference paper with proceedings
DOI :
Title :
Multi-variant Execution at the Edge
Author(s) :
Cabrera-Arteaga, Javier [Author]
KTH Royal Institute of Technology [Stockholm] [KTH]
Laperdrix, Pierre [Author]
Self-adaptation for distributed services and large software systems [SPIRALS]
Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Monperrus, Martin [Author]
KTH Royal Institute of Technology [Stockholm] [KTH]
Baudry, Benoit [Author]
KTH Royal Institute of Technology [Stockholm] [KTH]
Conference title :
MTD 2022 - 9th ACM Workshop on Moving Target Defense
City :
Los Angeles
Country :
United States of America
Start date of the conference :
2022-11-07
English keyword(s) :
Diversification
Moving Target Defense
Edge-Cloud computing
Multivariant execution
WebAssembly
HAL domain(s) :
Informatique [cs]/Web
English abstract : [en]
Edge-Cloud computing offloads parts of the computations that traditionally occur in the cloud to edge nodes. The binary format WebAssembly is increasingly used to distribute and deploy services on such platforms. Edge-Cloud computing providers let their clients deploy stateless services in the form of WebAssembly binaries, which are then translated to machine code, sandboxed and executed at the edge. In this context, we propose a technique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime. Thus, an attacker cannot exploit all edge nodes with the same payload. Given a service, we automatically synthesize functionally equivalent variants for the functions providing the service. All the variants are then wrapped into a single multivariant WebAssembly binary. When the service endpoint is executed, every time a function is invoked, one of its variants is randomly selected. We implement this technique in the MEWE tool and we validate it with 7 services for which MEWE generates multivariant binaries that embed hundreds of function variants. We execute the multivariant binaries on the worldwide edge platform provided by Fastly, as part of a research collaboration. We show that multivariant binaries exhibit a real diversity of execution traces across the whole edge platform distributed around the globe.
Language :
English
Peer reviewed article :
Yes
Audience :
Internationale
Popular science :
No
Collections :
Source :
Files
- https://hal.archives-ouvertes.fr/hal-03824601/document
- Open access
- Access the document
- multi-variant.pdf
- Open access
- Access the document