Article: Towards service continuity for transactional applications via diverse device drivers Journal: International Journal of Information and Computer Security (IJICS) 2016 Vol.8 No.4 pp.382 - 400 Abstract: Existing techniques, such as state roll-back or replay can preserve as much accumulated 'state' as possible when one application is compromised. However, when operating system kernel is compromised, e.g., driver vulnerability exploitation, the default behaviour of most commodity operating systems today is to reboot from a clean initial state. All the running applications also need to be terminated and restarted, thus losing their accumulated 'work in progress' states. In this paper, we propose to leverage virtualisation technique to produce operating system replicas with driver diversity. By replicating transactional application on each replica and loosely synchronising them, we validate the output, critical memory regions and persistent data of transactional applications, thus detecting intrusion stemming from driver code vulnerability. We implement such diversity approach on Xen hypervisor, and rely on a proxy to conduct request replication and response validation. Our evaluation demonstrates that the proposed approach can accurately and immediately detect driver-bug-orientated exploitation and achieve on-the-fly intrusion response to ensure the correctness/continuity of the applications' execution. We only incur 4.44% and 4.7% overhead to response time and CPU respectively in the best case. Inderscience Publishers - linking academia, business and industry through research

Title: Towards service continuity for transactional applications via diverse device drivers

Authors: Shengzhi Zhang; Xiaoqi Jia; Peng Liu

Addresses: Florida Institute of Technology, Melbourne, FL 32901, USA ' State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195, China ' Pennsylvania State University, University Park, PA 16802, USA

Abstract: Existing techniques, such as state roll-back or replay can preserve as much accumulated 'state' as possible when one application is compromised. However, when operating system kernel is compromised, e.g., driver vulnerability exploitation, the default behaviour of most commodity operating systems today is to reboot from a clean initial state. All the running applications also need to be terminated and restarted, thus losing their accumulated 'work in progress' states. In this paper, we propose to leverage virtualisation technique to produce operating system replicas with driver diversity. By replicating transactional application on each replica and loosely synchronising them, we validate the output, critical memory regions and persistent data of transactional applications, thus detecting intrusion stemming from driver code vulnerability. We implement such diversity approach on Xen hypervisor, and rely on a proxy to conduct request replication and response validation. Our evaluation demonstrates that the proposed approach can accurately and immediately detect driver-bug-orientated exploitation and achieve on-the-fly intrusion response to ensure the correctness/continuity of the applications' execution. We only incur 4.44% and 4.7% overhead to response time and CPU respectively in the best case.

Keywords: intrusion detection; intrusion response; transactional applications; service continuity; service availability; virtualisation; operating system replicas; driver diversity; driver code vulnerability; output validation; critical memory regions; persistent data.

DOI: 10.1504/IJICS.2016.080428

International Journal of Information and Computer Security, 2016 Vol.8 No.4, pp.382 - 400

Accepted: 30 Mar 2016
Published online: 22 Nov 2016 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Towards service continuity for transactional applications via diverse device drivers

Keep up-to-date