Demo: A Symbolic N-Variant System

Abstract

This demo paper describes an approach to detect memory corruption attacks using artificial diversity. Our approach conducts offline symbolic execution of multiple variants of a system to identify paths which diverge in different variants. In addition, we build an efficient input matcher to check whether an online input matches the constraints of a diverging path, to detect potential malicious input. By evaluating the performance of a demo system built on Ghttpd, we find that per-input matching consumes only 70% to 96% of the real processing time in the master, which indicates a performance superiority for real world deployment.