Project

Making Multi-Variant Execution Environments Practical in the Real World

Multi-Variant Execution Environments (MVEEs) have several proven applications including protection against memory attacks. Their core idea is to run multiple variants of a program in parallel on the same inputs. A monitoring component examines the variants’ behavior and shuts them down if a discrepancy is found. By applying “structured” software diversity techniques to these variants, one can easily construct an environment in which the program is either immune or, at the very least, highly resilient against several types of memory exploits. Unfortunately, MVEEs have not seen much real-world adoption outside of military environments. The main problem is that MVEEs have steep resource requirements and put stringent constraints on the features the protected program can use.

This PhD project will explore techniques to improve MVEEs along both axes. The idea is two-fold. First, the student will explore program analysis, partitioning, and state propagation techniques that will allow us to apply an MVEE to only small (security-sensitive) parts of a program, while the majority of the program runs in single-variant mode. Second, the student will explore ways to extend compatibility to features that have thus far been problematic to support. In both cases, the student is expected to build on recently introduced hardware extensions such as Intel MPK, as well as state-of-the-art program analyses that were recently added to the LLVM compiler infrastructure.

Date: 26 Sep 2019 → 26 Sep 2023
Keywords: Computer system security
Disciplines: Computer system security
Project type: PhD project