Probabilistically Correct Execution: Hardening Applications Against Error and Attack

概率上正确的执行：强化应用程序以防止错误和攻击

• 批准号: 0615211
• 负责人: Emery Berger
• 金额: --
• 依托单位: University of Massachusetts Amherst
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-15 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0615211&HistoricalAwards=false
• 关键词: Probabilistically; Correct; Execution; Hardening; Applications

The vast majority of today's software applications are written in C and C++, two unsafe languages. These languages leave applications defenseless against a wide range of programmer errors. These errors not only cause programs to misbehave or crash, but also leave them susceptible to attack.Probabilistically correct execution (PCE) transparently hardens these applications against error or attack. PCE first randomizes the memory image of an application, increasing the odds that errors will have no effect, and guaranteeing that any bug will only affect a small percentage of users. By running multiple, differently-randomized replicas of the same program on different processors and voting on their outputs, PCE can ensure correct program execution with even higher probability.Current hardware trends inexpensive and plentiful system memory, and the arrival of multicore processors make this work especially timely. PCE can harness these additional hardware resources to dramatically increase the reliability of existing software.A prototype implementation of PCE has been developed that offers protection for off-the-shelf applications written in C or C++. This prototype, called DieHard, imposes little runtime overhead for most applications. Additional replicas add protection while DieHard's performance scales to large numbers of multiple processors and processing cores. DieHard allows programs to execute correctly with high probability, provably protecting them against a broad range of errors and attacks.This project explores various extensions to PCE, including tolerating race conditions, continuing execution in the face of memory leaks, extending it to a broader class of applications, and using PCE for bug detection.

当今绝大多数软件应用程序都是用C和C++这两种不安全的语言编写的。这些语言使应用程序对各种程序员错误毫无防备。这些错误不仅会导致程序行为不当或崩溃，而且还使它们容易受到攻击。概率正确执行（PCE）透明地加强了这些应用程序对错误或攻击的抵抗。PCE首先将应用程序的内存映像随机化，增加错误不会产生影响的几率，并保证任何错误只会影响一小部分用户。PCE通过在不同的处理器上运行同一程序的多个不同随机化的副本并对它们的输出进行投票，可以确保程序以更高的概率正确执行。当前硬件的趋势是廉价和充足的系统内存，而多核处理器的到来使得这项工作变得尤为及时。PCE可以利用这些额外的硬件资源来显著提高现有软件的可靠性。PCE的原型实现已经开发出来，为用C或C++编写的现成应用程序提供保护。这个原型称为DieHard，对大多数应用程序来说几乎没有运行时开销。额外的副本增加了保护，而DieHard的性能可扩展到大量的多处理器和处理核心。DieHard允许程序以高概率正确执行，可证明保护它们免受广泛的错误和攻击。该项目探索PCE的各种扩展，包括容忍竞争条件，面对内存泄漏继续执行，将其扩展到更广泛的应用程序类别，以及使用PCE进行错误检测。