Abstract

The multi-variant execution environment (MVEE) is useful to protect software against network attacks by executing and monitoring the multiple instances (variants) of the target software in a synchronized manner. Applying MVEEs to in-memory key-value stores (KVSes), often written in unsafe languages like C, such as Redis and Memcached, enhances the security of web services since they suffer from memory vulnerabilities. However, it does not come for free to run in-memory KVSes on MVEEs. Since in-memory KVSes store a tremendous number of KVs in their own address spaces, the memory space overhead of executing multiple variants of the in-memory KVS is non-trivial. This paper presents MvKVS, an MVEE system tailored for in-memory KVSes. To launch multiple variants of the target in-memory KVS, MvKVS lowers the total memory utilization of the variants as much as possible by aggressively merging shareable memory pages. We prototyped MvKVS in Linux 4.4.185 and conducted experiments using Redis 6.2.4. The experimental results show that our prototype gracefully mitigates memory consumption with multiple Redis variants.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.