Sökning: onr:"swepub:oai:DiVA.org:kth-333509" >
Multi-variant Execu...
Multi-variant Execution at the Edge
-
- Cabrera Arteaga, Javier, 1992- (författare)
- KTH,Programvaruteknik och datorsystem, SCS
-
- Laperdrix, Pierre (författare)
- Centre National de la Recherche Scientifique CNRS, Paris, France
-
- Monperrus, Martin (författare)
- KTH,Teoretisk datalogi, TCS
-
visa fler...
-
- Baudry, Benoit (författare)
- KTH,Programvaruteknik och datorsystem, SCS
-
visa färre...
-
(creator_code:org_t)
- 2022-11-07
- 2022
- Engelska.
-
Ingår i: MTD 2022. - New York, NY, USA : Association for Computing Machinery (ACM). ; , s. 11-22
- Relaterad länk:
-
https://doi.org/10.1...
-
visa fler...
-
https://urn.kb.se/re...
-
https://doi.org/10.1...
-
visa färre...
Abstract
Ämnesord
Stäng
- Edge-Cloud computing offloads parts of the computations that traditionally occurs in the cloud to edge nodes. The binary format WebAssembly is increasingly used to distribute and deploy services on such platforms. Edge-Cloud computing providers let their clients deploy stateless services in the form of WebAssembly binaries, which are then translated to machine code, sandboxed and executed at the edge. In this context, we propose a technique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime. Thus, an attacker cannot exploit all edge nodes with the same payload. Given a service, we automatically synthesize functionally equivalent variants for the functions providing the service. All the variants are then wrapped into a single multivariant WebAssembly binary. When the service endpoint is executed, every time a function is invoked, one of its variants is randomly selected. We implement this technique in the MEWE tool and we validate it with 7 services for which MEWE generates multivariant binaries that embed hundreds of function variants. We execute the multivariant binaries on the world-wide edge platform provided by Fastly, as part as a research collaboration. We show that multivariant binaries exhibit a real diversity of execution traces across the whole edge platform distributed around the globe.
Ämnesord
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)
Nyckelord
- diversification
- edge-cloud computing
- moving target defense
- multivariant execution
- webassembly
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)