1 / 27

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK

Reducing Risks of Widespread Faults and Attacks for Commercial Applications: Towards Diversity Of Software Components. Marco Casassa Mont Adrian Baldwin Yolanta Beres Keith Harrison Martin Sadler Simon Shiu. Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK.

dmosley
Download Presentation

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Reducing Risks of Widespread Faults and Attacks for Commercial Applications: Towards Diversity Of Software Components Marco Casassa Mont Adrian Baldwin Yolanta Beres Keith Harrison Martin Sadler Simon Shiu Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK COMPSAC 2002 Oxford,26-29 August 2002

  2. Outline • Recent Trends in Commercial Software • Problem: Large Scale Attacks and Faults due to • Lack of Software Diversity • Software Diversity: Current Approaches • An Alternative Approach to Diversity • Work in Progress: Experiments … • Conclusions

  3. Commercial Software Recent Trends

  4. Commercial Software Recent Trends

  5. Problem Lack of Diversity of Commercial Software with Large Installation base

  6. Software Diversity: Current Approaches

  7. SW Version 1 SW Version 2 Decision Algorithms, Voting SW Version 3 Software Diversity: Current Approaches

  8. SW Version 1 SW Version 2 Decision Algorithms, Voting SW Version 3 Software Diversity: Current Approaches

  9. Software Diversity: Current Approaches

  10. Our Objective

  11. Requirements

  12. Requirements vs. Prior Art Solutions

  13. Commercial Software foundation classes (.NET, JDK, …) .dlls .class … • Usually Made of Components • Components have well defined Interfaces (APIs)

  14. Proposed Approach Diversity at the Installation Time

  15. Proposed Approach Diversity at the Installation Time Component X Implementation 2 Implementation 1 Implementation 3 SW Installation Implementation 2

  16. Software A: A.1, A.2 B: B.1 C: C.1, C.2, C.3 Multiple Available Implementations Installation Script Software Components A B C Software Installer Random-selector Module Installation Knowledge base Installation Engine Installation 1 Installation 2 Persistent Configuration File A.2 B.1 C.3 A.1 B.1 C.2 Model Installation Package Installed Software

  17. Variants of the Model For Organisations, Enterprises, etc.:

  18. Properties

  19. Experiments • We Built a Simulator to Experiment about the Effectiveness • of the Proposed Model. • Scenario: Large Population of Systems Under Attack by a • Worm with a Behaviour Similar to Code Red • Setting: Creation of a Number of Virtual Machines (6000) • each with an IP Address and a List of the Installed • Components

  20. Component Implementations Time Experiment #1 • Hypothesis: Only 1 Type of Component is Infectable by the Virus • Progressively Increase the Diversity of the Targeted Component • (Number Of Alternative Implementations: Ranging from 1 to 6)

  21. Implementation Implementations Implementations Time Experiment #2 • Hypothesis: All Component Implementations are Infectable by the Virus • Multiple Attack Strategies of the Virus, each Targeting a Specific • Implementation • Increase the Diversity of the Targeted Component • (Number Of Alternative Implementations: Ranging from 1 to 3)

  22. Analysis

  23. Discussion

  24. Discussion

  25. Current and Future Work

  26. Conclusions 1. Importance of Addressing the Lack of Diversity for Widely Deployed Commercial Software. 2. Importance of Effectively Protecting a Large Population of Systems as a Whole Entity, rather than Single Systems. 3. We Propose an Alternative Model for Diversity based on Multiple Implementations of Critical Components and Their Random Installation, at the Deployment time: No Need for Additional Resources. 4. Work in Progress: we are Learning by making more Experiments and Real Development of Applications based on our Method …

More Related