Multi-Variant Execution Research of Software Diversity

Abstract As more and more software products are threatened by malicious reverse analysis, along with software products are pirated, tampered with and so on, it is of great significance to study software security protection technology in depth. As a software security protection technology, software diversification introduces uncertainty into the target program and provides probabilistic protection for the target program. Multi-Variant Execution (MVE) are fine-grained implementation of software diversification that produces functionally identical variants at the system call level. This article first introduces the related concepts of multi-variant execution. Secondly, it expounds the key technologies of multi-variant execution implementation-variant generation, variant monitor, input/output and synchronization, monitor-variant communication. Security of monitors and different variant communication technologies are analyzed and compared, their advantages and defects are pointed out respectively. Several implementation methods of multi-variant execution design are summarized. Finally, the reasons for the false negatives and false positives of attack events are analyzed, and the prospects and challenges of using multi-variant execution techniques to implement security systems are summarized.