Towards service continuity for transactional applications via diverse device drivers Online publication date: Tue, 22-Nov-2016
by Shengzhi Zhang; Xiaoqi Jia; Peng Liu
International Journal of Information and Computer Security (IJICS), Vol. 8, No. 4, 2016
Abstract: Existing techniques, such as state roll-back or replay can preserve as much accumulated 'state' as possible when one application is compromised. However, when operating system kernel is compromised, e.g., driver vulnerability exploitation, the default behaviour of most commodity operating systems today is to reboot from a clean initial state. All the running applications also need to be terminated and restarted, thus losing their accumulated 'work in progress' states. In this paper, we propose to leverage virtualisation technique to produce operating system replicas with driver diversity. By replicating transactional application on each replica and loosely synchronising them, we validate the output, critical memory regions and persistent data of transactional applications, thus detecting intrusion stemming from driver code vulnerability. We implement such diversity approach on Xen hypervisor, and rely on a proxy to conduct request replication and response validation. Our evaluation demonstrates that the proposed approach can accurately and immediately detect driver-bug-orientated exploitation and achieve on-the-fly intrusion response to ensure the correctness/continuity of the applications' execution. We only incur 4.44% and 4.7% overhead to response time and CPU respectively in the best case.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook