Redundant Computing for Security

David Evans
TRUST Seminar, UC Berkeley
Berkeley, CA
25 September 2008


Increases in transistor counts, without corresponding advances in programming techniques and I/O latency, have led to a situation where unused computing capacity is often cheaply available. Our research explores ways to use redundant computation to improve security. I will present a new architectural framework that uses redundant computation and artificial diversity to enhance security. The framework runs variants in a synchronized way that requires an attacker to compromise one of the system variants without producing detectably different behavior in another system variant. By constructing variants with disjoint exploitation sets, we make it impossible to successfully carry out large classes of important attacks. In this talk, I will describe our framework, identify some useful variations, and present results using a prototype implementation to protect an Apache server.

David Evans, currently on sabbatical visiting UC Berkeley, is an Associate Professor at the University of Virginia and Founding Director of the Interdisciplinary Major in Computer Science. He has SB, SM and PhD degrees in Computer Science from MIT. His other research interests include program analysis, RFID privacy, and web application security. The talk describes joint work with Ben Cox, Anh Nguyen-Tuong, Jonathan Rowanhill, John Knight, and Jack Davidson.

Slides: [PPT, PDF]

N-Variant Systems Project