Frankencode: Creating Diverse Programs Using Code Clones

Abstract

In this paper, we present an approach to detecting novel cyber attacks through a form of program diversification, similar to the use of n-version programming for fault-tolerant systems. Building on extensive previous and ongoing work by others on the use of code clones in a wide variety of areas, our Functionally Equivalent Variants using Information Synchronization (FEVIS) system automatically generates program variants to be run in parallel, seeking to detect attacks through divergence in behavior. Unlike approaches to diversification that only change program memory layout and behavior, FEVIS can detect attacks exploiting vulnerabilities in execution timing, string processing, and other logic errors.

We are in the early stages of research and development for this approach, but have made sufficient progress to provide a proof of concept and some lessons learned. In this paper we describe FEVIS and its application to diversifying an open-source webserver, with results on several different example classes of attack which FEVIS will detect.

Authors
Haley Borck, Ian De Silva, Stephen Harp, Ken Hoyme, Steve Johnston, August Schwerdfeger, Mary Southern
Year of Publication
2016
Source
2016 IEEE 23rd International Conference on Software Analysis, Evolution and Reengineering (SANER)