TY - GEN
T1 - Toward software diversity in heterogeneous networked systems
AU - Huang, Chu
AU - Zhu, Sencun
AU - Erbacher, Robert
PY - 2014
Y1 - 2014
N2 - When there are either design or implementation flaws, a homogeneous architecture is likely to be disrupted entirely by a single attack (e.g., a worm) that exploits its vulnerability. Following the survivability through heterogeneity philosophy, we present a novel approach to improving survivability of networked systems by adopting the technique of software diversity. Specifically, we design an efficient algorithm to select and deploy a set of off-the-shelf software to hosts in a networked system, such that the number and types of vulnerabilities presented on one host would be different from that on its neighboring nodes. In this way, we are able to contain a worm in an isolated "island". This algorithm addresses software assignment problem in more complex scenarios by taking into consideration practical constraints, e.g., hosts may have diverse requirements based on different system prerequisites. We evaluate the performance of our algorithm through simulations on both simple and complex system models. The results confirm the effectiveness and scalability of our algorithm.
AB - When there are either design or implementation flaws, a homogeneous architecture is likely to be disrupted entirely by a single attack (e.g., a worm) that exploits its vulnerability. Following the survivability through heterogeneity philosophy, we present a novel approach to improving survivability of networked systems by adopting the technique of software diversity. Specifically, we design an efficient algorithm to select and deploy a set of off-the-shelf software to hosts in a networked system, such that the number and types of vulnerabilities presented on one host would be different from that on its neighboring nodes. In this way, we are able to contain a worm in an isolated "island". This algorithm addresses software assignment problem in more complex scenarios by taking into consideration practical constraints, e.g., hosts may have diverse requirements based on different system prerequisites. We evaluate the performance of our algorithm through simulations on both simple and complex system models. The results confirm the effectiveness and scalability of our algorithm.
UR - http://www.scopus.com/inward/record.url?scp=84958521523&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958521523&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-43936-4_8
DO - 10.1007/978-3-662-43936-4_8
M3 - Conference contribution
AN - SCOPUS:84958521523
SN - 9783662439357
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 114
EP - 129
BT - Data and Applications Security and Privacy XXVIII - 28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Proceedings
PB - Springer Verlag
T2 - 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSEC 2014
Y2 - 14 July 2014 through 16 July 2014
ER -