We present GHUMVEE, a multi-variant execution engine for software intrusion detection. GHUMVEE transparently executes and monitors diversified replicae of processes to thwart attacks relying on a predictable, single data layout. Unlike existing tools, GHUMVEE's interventions in the process' execution are not limited to system call invocations. Because of that design decision, GHUMVEE can handle complex, multi-threaded real-life programs that display non-deterministic behavior as a result of non-deterministic thread scheduling and as a result of pointer-value dependent behavior. This capability is demonstrated on GUI programs from the Gnome and KDE desktop environments. © 2013 Springer-Verlag.
CITATION STYLE
Volckaert, S., De Sutter, B., De Baets, T., & De Bosschere, K. (2013). GHUMVEE: Efficient, effective, and flexible replication. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7743 LNCS, pp. 261–277). https://doi.org/10.1007/978-3-642-37119-6_17
Mendeley helps you to discover research relevant for your work.