Diversity-based approaches to software systems security

Communications in Computer and Information Science

Volumn 259 CCIS, Issue , 2011, Pages 228-237

  Gherbi, Abdelouahed ^a   Charpentier, Robert ^b  

^a ÉCOLE DE TECHNOLOGIE SUPÉRIEURE   (Canada)

^b DEFENCE RESEARCH AND DEVELOPMENT CANADA VALCARTIER   (Canada)

Author keywords

Diversity; Dynamic monitoring; IT monoculture; Security

Indexed keywords

CYBER-ATTACKS; DIVERSITY; DYNAMIC MONITORING; EFFECTIVE DYNAMICS; IT MONOCULTURE; MALWARES; RESEARCH ISSUES; SECURITY; SOFTWARE APPROACH; SOFTWARE SYSTEMS;

COMPUTER CRIME; COMPUTER SOFTWARE; COMPUTER SUPPORTED COOPERATIVE WORK; INFORMATION TECHNOLOGY;

SECURITY OF DATA;

EID: 84855414823     PISSN: 18650929     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-27189-2_24     Document Type: Conference Paper

References (30)

1. Atighetchi, M., Rubel, P., Pal, P.P., Chong, J., Sudin, L.: Networking aspects in the dpasa survivability architecture: An experience report. In: Fourth IEEE International Symposium on Network Computing and Applications (NCA 2005), pp. 219-222. IEEE Computer Society (2005)
2. Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.E.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11-33 (2004)
3. Bain, C., Faatz, D.B., Fayad, A., Williams, D.E.: Diversity as a defense strategy in information systems. does evidence from previous events support such an approach? In: Gertz, M., Guldentops, E., Strous, L. (eds.) Fourth Working Conference on Integrity, Internal Control and Security in Information Systems, IICIS 2001. IFIP Conference Proceedings, vol. 211, pp. 77-94. Kluwer (2001)
4. Barrantes, E.G., Ackley, D.H., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 281-289. ACM (2003)
5. Bessani, A.N., Reiser, H.P., Sousa, P., Gashi, I., Stankovic, V., Distler, T., Kapitza, R., Daidone, A., Obelheiro, R.R.: Forever: Fault/intrusion removal through evolution & recovery. In: Douglis, F. (ed.) ACM/IFIP/USENIX 9th International Middleware Conference, pp. 99-101. ACM (2008)
6. Bhatkar, S., Sekar, R.: Data Space Randomization. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 1-22. Springer, Heidelberg (2008)
7. Chong, J., Pal, P.P., Atighetchi, M., Rubel, P., Webber, F.: Survivability architecture of a mission critical system: The dpasa example. In: 21st Annual Computer Security Applications Conference, ACSAC 2005, pp. 495-504. IEEE Computer Society (2005)
8. Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-Tuong, A., Hiser, J.: N-variant systems: a secretless framework for security through diversity. In: USENIX-SS 2006: Proceedings of the 15th conference on USENIX Security Symposium. USENIX Association, Berkeley (2006)
9. Deswarte, Y., Kanoun, K., Laprie, J.C.: Diversity against accidental and deliberate faults. In: Ammann, P., Barnes, B.H., Jajodia, S., Sibley, E.H. (eds.) Computer Security, Dependability, and Assurance: From Needs to Solutions, November 1998, pp. 171-181. IEEE Computer Press, Williamsburg (1998)
10. Deswarte, Y., Powell, D.: Intrusion tolerance for internet applications. In: Jacquart, R. (ed.) Building the Information Society, IFIP 18th World Computer Congress, pp. 241-256. Kluwer (2004)
11. Forrest, S., Somayaji, A., Ackley, D.H.: Building diverse computer systems. In: Workshop on Hot Topics in Operating Systems, pp. 67-72 (1997)
12. Gao, D., Reiter, M.K., Song, D.X.: Behavioral Distance Measurement Using Hidden Markov Models. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 19-40. Springer, Heidelberg (2006) (Pubitemid 44617845)
13. Gao, D., Reiter, M.K., Song, D.X.: Behavioral Distance for Intrusion Detection. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 63-81. Springer, Heidelberg (2006)
14. Gherbi, A., Charpentier, R., Couture, M.: Redundancy with diversity based software architectures for the detection and tolerance of cyber-attacks. Technical Memorandum TM-2010-287, Defence Reasearch and Development Canada - DRDC Valcartier (2010)
15. Hamou-Lhadj, A.: Measuring the complexity of traces using shannon entropy. In: Fifth International Conference on Information Technology: New Generations (ITNG 2008), pp. 489-494. IEEE Computer Society (2008)
16. Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 272-280. ACM (2003)
17. Lala, J.H., Schneider, F.B.: It monoculture security risks and defenses. IEEE Security & Privacy 7(1), 12-13 (2009)
18. Pal, P.P., Rubel, P., Atighetchi, M., Webber, F., Sanders, W.H., Seri, M., Ramasamy, H.V., Lyons, J., Courtney, T., Agbaria, A., Cukier, M., Gossett, J.M., Keidar, I.: An architecture for adaptive intrusion-tolerant applications. Softw., Pract. Exper. 36(11-12), 1331-1354 (2006)
19. Reynolds, J.C., Just, J.E., Lawson, E., Clough, L.A., Maglich, R., Levitt, K.N.: The design and implementation of an intrusion tolerant system. In: International Conference on Dependable Systems and Networks (DSN 2002), pp. 285-292. IEEE Computer Society (2002)
20. Sames, D., Matt, B., Niebuhr, B., Tally, G., Whitmore, B., Bakken, D.E.: Developing a heterogeneous intrusion tolerant corba system. In: DSN 2002: Proceedings of the 2002 International Conference on Dependable Systems and Networks, pp. 239-248. IEEE Computer Society, Washington, DC, USA (2002)
21. Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Atluri, V., Pfitzmann, B., Mc- Daniel, P.D. (eds.) Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 298-307. ACM (2004)
22. Symantec: Symantec global internet security threat report - trends for 2008. Tech. Rep. Volume XIV, Symantec (2009)
23. Taylor, C., Alves-Foss, J.: Diversity as a computer defense mechanism: A panel. In: NSPW 2005: Proceedings of the 2005 Workshop on New Security Paradigms, pp. 11-14. ACM, New York (2005)
24. Lloyd's Emerging Risk Team: Digital risks: Views of a changing risk landscape. Tech. Rep. Volume XIV, Lloyd's (April 2009)
25. Totel, E., Majorczyk, F., Mé, L.: COTS Diversity Based Intrusion Detection and Application to Web Servers. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 43-62. Springer, Heidelberg (2006)
26. Valdes, A., Almgren, M., Cheung, S., Deswarte, Y., Dutertre, B., Levy, J., Saïdi, H., Stavridou, V., Uribe, T.E.: Dependable intrusion tolerance: Technology demo. In: 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III 2003), pp. 128-130. IEEE Computer Society (2003)
27. Veríssimo, P., Neves, N.F., Cachin, C., Poritz, J.A., Powell, D., Deswarte, Y., Stroud, R.J., Welch, I.: Intrusion-tolerant middleware: the road to automatic security. IEEE Security & Privacy 4(4), 54-62 (2006)
28. Wang, F., Jou, F., Gong, F., Sargor, C., Goseva-Popstojanova, K., Trivedi, K.: Sitar: A scalable intrusion-tolerant architecture for distributed services. In: Foundations of Intrusion Tolerant Systems. IEEE Computer Society, Los Alamitos (2003)
29. Weatherwax, E., Knight, J., Nguyen-Tuong, A.: A Model of Secretless Security in N-Variant Systems. In: Workshop on Compiler and Architectural Techniques for Application Reliability and Security (CATARS), In the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Network, DSN 2009 (2009)
30. Whitehouse, O.: An analysis of address space layout randomization on windows vista. Tech. rep., Symantec (2007)