Data Randomization for Multi-Variant Execution Environment

Abstract

The majority of embedded software is written in C/C++ language, which suffers from an abundance of memory vulnerabilities which open gate to attackers to infiltrate into the computer system. Multi-variant execution environment (MVEE) has been proposed to utilize multi-core embedded processors to provide efficient protection against attackers utilizing memory vulnerabilities. The security provided by MVEE depends on the degree of randomization between the variants. Existing MVEEs typically randomize the data layout between the variants, which can fail to detect some attacks based on relative memory errors. In this paper, we propose to apply data space randomization (DSR) to the variants of MVEE to strengthen the security provided by the MVEE. Experiments show that it adds reasonable performance overheads.