Rewind & Discard: Improving Software Resilience using Isolated Domains.

Well-known defenses exist to detect and mitigate common faults and memory safety vulnerabilities in software. Yet, many of these mitigations do not address the challenge of software resilience and availability, i.e., whether a system can continue to carry out its function and remain responsive, while being under attack and subjected to malicious inputs. In this paper we propose secure rewind and discard of isolated domains as an efficient and secure method of improving the resilience of software that is targeted by run-time attacks. In difference to established approaches, we rely on compartmentalization instead of replication and checkpointing. We show the practicability of our methodology by realizing a software library for Secure Domain Rewind and Discard (SDRaD) and demonstrate how SDRaD can be applied to real-world software.