
“At a conference, when you win the best paper award, you’re typically notified ahead of time to ensure you’re in the room when they make the announcement,” says Michael Franz, Distinguished Professor of Computer Science at UC Irvine. However, that wasn’t the case at the 2024 Annual Computer Security Applications Conference (ACSAC), so Franz was a bit stunned during the opening remarks in Honolulu on December 9, 2024, when his paper was named as an award recipient. “Lots of people miss these early morning opening ceremonies, so I am pleased to report that we were present when our names were announced.”

“I’ll Be There for You! Perpetual Availability in the A^8 MVX System,” by André Rösti, Stijn Volckaert, Franz and Alexios Voulimeneas, received the Best Paper Award — one of only two papers recognized of the 83 ACSAC papers, selected from 424 submissions. In its 40th year, ACSAC is one of the oldest computer science conferences, and Franz, Rösti and Voulimeneas attended to present their innovative work.

Recipients of the ACSAC Best Paper Award (from left): Alexios Voulimeneas, André Rösti and Michael Franz (not pictured: Stijn Volckaert).

“Getting to go to Hawaii to present was already an amazing reward for our work, and the Best Paper Award definitely was the cherry on top,” says Rösti, a Ph.D. student advised by Franz in the Donald Bren School of Information and Computer Sciences (ICS). Volckaert was an ICS postdoctoral scholar who is now a professor at KU Leuven, and Voulimeneas was an ICS Ph.D. student who recently earned tenure as a professor at TU Delft.

Their paper presents A^8 — for “Apparatus Assuring Applications Are Always Available Amid Attacks.” This multivariant execution (MVX) system can not only detect attacks but also recover from them, increasing the security of critical software applications.

“What we built is the first system that doesn’t just stop when it detects an attack,” says Franz. “It can actually roll back and continue operating. So, this is the first survivable system of its kind described in the academic literature.”

The work builds on years of research in ICS, which has been at the forefront of heterogeneous, multivariant execution. “This paper is not starting from scratch,” says Franz, noting that ICS researchers helped pioneer the idea of fighting against attacks by getting rid of the software monoculture.

“Many years ago, we started experimenting with software diversity… then we thought, for scenarios where you need even higher assurance, how about running two different versions in parallel?” This approach is very effective at detecting attacks, but it then terminates execution.

The proposed A^8 system is unique in that it creates checkpoints and, upon detection of irregular behavior, forces a roll-back to the last available checkpoint. “The first innovation of our work is survivability, which nobody else has demonstrated,” says Franz.

A second innovation of the system is that the two versions run on different architectures — there is an Intel version and an ARM version. “That makes it even more difficult for attackers, because now they have to craft an attack that works on two different processors,” says Franz.

Another advantage is increased system efficiency. “Practical is the magic word here,” explains Franz, noting that the system can maintain up to 71 percent of performance throughput compared to native execution. “So we’re talking about a 30 percent performance penalty, which might sound like a lot, but there are many applications where people are willing to pay that for increased security.” This is especially the case for systems with a long and expensive process for restarting.

“Imagine you have a satellite, or a spacecraft, where it becomes really difficult to just reboot after an attack,” says Franz. He cites a power grid as another example. “There’s lots of critical infrastructure that you would like to be a lot more reliable than your average PC!”

Franz further stresses that the 30 percent performance penalty is a starting point. “Industry can probably get it down to 10 percent with more manpower behind it, more engineering. We can use this as a building block for really resilient, practical heterogeneous systems,” he says. “That’s the next generation of software defenses.”

Shani Murray
