Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space

Free registration required

Executive Summary

In a Multi-Variant Execution Environment (MVEE), several slightly different versions of the same program are executed in lockstep. While this is done, a monitor compares the behavior of the versions at certain synchronization points with the aim of detecting discrepancies which may indicate attacks. As it shows, the monitor can be implemented entirely in user space, eliminating the need for kernel modifications. As a result, the monitor is not a part of the trusted code base.

  • Format: PDF
  • Size: 405.3 KB