Toward Software Diversity in Heterogeneous Networked Systems

  • Chu Huang
  • Sencun Zhu
  • Robert Erbacher
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8566)

Abstract

When a homogeneous architecture contains a design or implementation flaw, a single attack that exploits it (e.g., a worm) can disrupt the entire system. Following the survivability-through-heterogeneity philosophy, we present a novel approach to improving the survivability of networked systems by adopting software diversity. Specifically, we design an efficient algorithm to select and deploy a set of off-the-shelf software packages to the hosts of a networked system such that the number and types of vulnerabilities present on a host differ from those on its neighboring hosts. In this way, a worm is contained in an isolated "island". The algorithm addresses the software assignment problem in more complex scenarios by taking practical constraints into account; for example, hosts may have diverse requirements arising from different system prerequisites. We evaluate the performance of the algorithm through simulations on both simple and complex system models. The results confirm its effectiveness and scalability.
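The assignment problem sketched in the abstract is, in graph terms, a list colouring: each host is a vertex, each network link an edge, each candidate package a colour, and a host's "practical constraints" restrict the colours it may take. The block below is an added example, not the authors' algorithm: it implements a plain greedy, most-constrained-first heuristic (no backtracking) on a constructed six-host network with per-host package lists, checks that no edge joins two hosts running the same package, and then measures the largest same-package "island" a worm could traverse, contrasted with the homogeneous deployment. Host names, package names and the topology are all assumptions made for the illustration.

```python
"""Software-diversity assignment on a host graph.

Added example (not the paper's code): greedy list colouring of a constructed
network, a conflict check, and the worm-containment metric the abstract
describes, i.e. the largest connected set of hosts sharing one package.
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

# Constructed six-host network: a 5-cycle A-B-C-D-E plus host F bridging A and C.
ADJ: Dict[str, Set[str]] = {
    "A": {"B", "E", "F"},
    "B": {"A", "C"},
    "C": {"B", "D", "F"},
    "D": {"C", "E"},
    "E": {"D", "A"},
    "F": {"A", "C"},
}

# Constructed per-host candidate packages (the abstract's "practical
# constraints"): D is pinned to apache, F cannot run lighttpd, the rest accept
# any of three web servers.
ALLOWED: Dict[str, List[str]] = {
    "A": ["nginx", "apache", "lighttpd"],
    "B": ["nginx", "apache", "lighttpd"],
    "C": ["nginx", "apache", "lighttpd"],
    "D": ["apache"],
    "E": ["nginx", "apache", "lighttpd"],
    "F": ["nginx", "apache"],
}


def assign_software(adj: Dict[str, Set[str]],
                    allowed: Dict[str, List[str]]) -> Optional[Dict[str, str]]:
    """Greedy list colouring (assumed heuristic, not the paper's algorithm).

    Hosts are processed most-constrained first (fewest allowed packages, then
    highest degree) and each receives the first allowed package that no
    already-assigned neighbour runs. Returns None when some host has no
    admissible package left; there is no backtracking, so None means this
    heuristic failed, not necessarily that no valid assignment exists.
    """
    order = sorted(adj, key=lambda h: (len(allowed[h]), -len(adj[h]), h))
    assignment: Dict[str, str] = {}
    for host in order:
        taken = {assignment[n] for n in adj[host] if n in assignment}
        choice = next((pkg for pkg in allowed[host] if pkg not in taken), None)
        if choice is None:
            return None
        assignment[host] = choice
    return assignment


def conflicts(adj: Dict[str, Set[str]],
              assignment: Dict[str, str]) -> List[Tuple[str, str]]:
    """Edges whose endpoints run the same package, i.e. links a worm for that
    package could cross. An empty list means the assignment is a proper colouring."""
    return sorted({tuple(sorted((a, b))) for a in adj for b in adj[a]
                   if assignment[a] == assignment[b]})


def largest_island(adj: Dict[str, Set[str]], assignment: Dict[str, str],
                   package: str) -> int:
    """Size of the largest connected group of hosts all running `package`: the
    most hosts a worm exploiting only that package can reach from one infection."""
    hosts = {h for h, p in assignment.items() if p == package}
    seen: Set[str] = set()
    best = 0
    for start in hosts:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:                      # BFS restricted to same-package hosts
            h = queue.popleft()
            size += 1
            for n in adj[h]:
                if n in hosts and n not in seen:
                    seen.add(n)
                    queue.append(n)
        best = max(best, size)
    return best


def worst_island(adj: Dict[str, Set[str]], assignment: Dict[str, str]) -> int:
    """Worst-case worm reach over every package in use."""
    return max(largest_island(adj, assignment, p) for p in set(assignment.values()))


if __name__ == "__main__":
    diverse = assign_software(ADJ, ALLOWED)
    homogeneous = {h: "nginx" for h in ADJ}      # monoculture baseline
    print("assignment:", diverse)
    print("conflicting links:", conflicts(ADJ, diverse))
    print("worst island, diverse:", worst_island(ADJ, diverse))
    print("worst island, homogeneous:", worst_island(ADJ, homogeneous))
```

On this constructed network the greedy pass yields a conflict-free assignment in which every same-package island has size 1, whereas the monoculture baseline gives a single island of all six hosts. The most-constrained-first ordering matters: pinned hosts such as D must be placed before their unconstrained neighbours, or the greedy pass can paint a neighbour with the only package the pinned host is allowed and fail.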



Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Chu Huang (1)
  • Sencun Zhu (1, 2)
  • Robert Erbacher (3)

  1. School of Information Science and Technology, Penn State University, USA
  2. Department of Computer Science and Engineering, Penn State University, USA
  3. U.S. Army Research Laboratory (ARL), USA
