Abstract
Software systems security is a major concern as cyber-attacks continue to grow in number and sophistication. Beyond the increasing complexity and interconnection of modern information systems, these systems run a significant amount of similar software, a situation known as IT monoculture. As a consequence, software systems share common vulnerabilities, which enables the spread of malware. The principle of diversity can help mitigate the negative effects of IT monoculture on security. One important category of diversity-based software approaches for security purposes focuses on enabling efficient and effective dynamic monitoring of software system behavior in operation. In this paper, we briefly present these approaches and propose a new approach that aims to dynamically generate a diverse set of lightweight traces. We also open the discussion of some research issues that will be the focus of our future research work.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gherbi, A., Charpentier, R. (2011). Diversity-Based Approaches to Software Systems Security. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_24
DOI: https://doi.org/10.1007/978-3-642-27189-2_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27188-5
Online ISBN: 978-3-642-27189-2
eBook Packages: Computer Science (R0)