Luís Pina

FreeDA: Deploying Incompatible Stock Dynamic Analyses in Production via Multi-Version Execution

| PDF |

Luís Pina and Anastasios Andronidis and Cristian Cadar
In Proceedings of the 2018 ACM International Conference on Computing Frontiers (CF)
May, 2018

Abstract

Dynamic analyses such as those implemented by compiler sanitizers and Valgrind are effective at finding and diagnosing challenging bugs and security vulnerabilities. However, most analyses cannot be combined on the same program execution, and they incur a high overhead, which typically prevents them from being used in production. This paper addresses the ambitious goal of running concurrently multiple incompatible stock dynamic analysis tools in production, without requiring any modifications to the tools themselves or adding significant runtime overhead to the deployed system. This is accomplished using multi-version execution, in which the dynamic analyses are run concurrently with the native version, all on the same program execution. We implement our approach in a system called FreeDA and show that it is applicable to several common scenarios, involving network servers and interactive applications. In particular, we show how incompatible stock dynamic analyses implemented by Clang's sanitizers and Valgrind can be used to check high-performance servers such as Memcached, Nginx and Redis, and interactive applications such as Git, HTop and OpenSSH.

Bibtex

@inproceedings{pina18freeda,
  title     = {FreeDA: Deploying Incompatible Stock Dynamic Analyses in Production via Multi-Version Execution},
  author    = {Pina, Lu\'{\i}s and Andronidis, Anastasios and Cadar, Cristian},
  booktitle = {Proceedings of the {ACM}  International Conference on Computing Frontiers},
  year      = {2018},
  month     = MAY,
  series    = {CF '18},
  location  = {Ischia, Italy},
  publisher = {ACM},
  
}