Int J Parallel Prog DOI 10.1007/s10766-017-0523-0 RollSec: Automatically Secure Software States Against General Rollback Weiqi Dai 1 · Yukun Du 1 · Hai Jin 1 · Weizhong Qiang 1 · Deqing Zou 1 · Shouhuai Xu 2 · Zhongze Liu 1 Received: 4 September 2017 / Accepted: 18 September 2017 © Springer Science+Business Media, LLC 2017 Abstract The rollback mechanism is critical in crash recovery and debugging, but its security problems have not been adequately addressed. This is justified by the fact that existing solutions always require modifications on target software or only work for specific scenarios. As a consequence, rollback is either neglected or restricted or prohibited in existing systems. In this paper, we systematically characterize security threats of rollback as abnormal states of non-deterministic variables and resumed program points caused by rollback. Based on this, we propose RollSec (for Rollback Security), which provides general measurements including state extracting, recording, and compensating, to maintain correctness of these abnormal states for eliminating rollback threats. RollSec can automatically extract these states based on language- independent information of software as protection targets, which will be monitored during run-time, and compensated to correct states on each rollback without requiring extra modifications or supports of specific architectures. At last, we implement a prototype of RollSec to verify its effectiveness, and conduct performance evaluations which demonstrate that only acceptable overhead is introduced. Keywords Rollback security · General rollback problem · Automated protection · Non-deterministic state B Weizhong Qiang wzqiang@hust.edu.cn Shouhuai Xu shxu@sc.utsa.edu 1 Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, Huazhong University of Science and Technology, Wuhan 430074, China 2 Department of Computer Science, University of Texas at San Antonio, San Antonio, TX 78249, USA 123