Probabilistically Correct Execution: Hardening Applications Against Error and Attack
University Of Massachusetts Amherst, Amherst MA
Abstract
The vast majority of today's software applications are written in C and C++, two unsafe languages. These languages leave applications defenseless against a wide range of programmer errors. These errors not only cause programs to misbehave or crash, but also leave them susceptible to attack. Probabilistically correct execution (PCE) transparently hardens these applications against error or attack. PCE first randomizes the memory image of an application, increasing the odds that errors will have no effect, and guaranteeing that any bug will only affect a small percentage of users. By running multiple, differently-randomized replicas of the same program on different processors and voting on their outputs, PCE can ensure correct program execution with even higher probability. Current hardware trends, namely inexpensive and plentiful system memory and the arrival of multicore processors, make this work especially timely. PCE can harness these additional hardware resources to dramatically increase the reliability of existing software. A prototype implementation of PCE has been developed that offers protection for off-the-shelf applications written in C or C++. This prototype, called DieHard, imposes little runtime overhead for most applications. Additional replicas add protection, while DieHard's performance scales to large numbers of processors and processing cores. DieHard allows programs to execute correctly with high probability, provably protecting them against a broad range of errors and attacks. This project explores various extensions to PCE, including tolerating race conditions, continuing execution in the face of memory leaks, extending it to a broader class of applications, and using PCE for bug detection.