Reducing Risks of Widespread Faults and Attacks for Commercial Applications: Towards Diversity Of Software Components. Marco Casassa Mont Adrian Baldwin Yolanta Beres Keith Harrison Martin Sadler Simon Shiu. Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK.

Presentation Transcript
Slide 1

Reducing Risks of Widespread Faults and Attacks for Commercial Applications: Towards Diversity of Software Components

Marco Casassa Mont, Adrian Baldwin, Yolanta Beres, Keith Harrison, Martin Sadler, Simon Shiu

Trusted Systems Laboratory, Hewlett-Packard Laboratories, Bristol, UK

COMPSAC 2002, Oxford, 26-29 August 2002


Slide 2

Outline

  • Recent Trends in Commercial Software

  • Problem: Large Scale Attacks and Faults due to Lack of Software Diversity

  • Software Diversity: Current Approaches

  • An Alternative Approach to Diversity

  • Work in Progress: Experiments …

  • Conclusions


Slides 3-4

Commercial Software: Recent Trends


Slide 5

Problem: Lack of Diversity of Commercial Software with Large Installation Base


Slides 6-9

Software Diversity: Current Approaches

[Diagram on slides 7-8; surviving labels: SW Version 1, SW Version 2, SW Version 3; Decision Algorithms, Voting]




Slide 12

Requirements vs. Prior Art Solutions


Slide 13

Commercial Software

[Diagram; surviving labels: foundation classes (.NET, JDK, …), .dlls, .class]

  • Usually Made of Components

  • Components have well defined Interfaces (APIs)


Slides 14-15

Proposed Approach: Diversity at the Installation Time

[Diagram on slide 15; surviving labels: Component X; Implementation 1, Implementation 2, Implementation 3; SW Installation; Implementation 2]


Slide 16

Model

[Diagram; surviving labels:]

  • Software Components: A, B, C

  • Multiple Available Implementations: A: A.1, A.2; B: B.1; C: C.1, C.2, C.3

  • Installation Package

  • Software Installer; Installation Script; Random-selector Module; Installation Knowledge base; Installation Engine

  • Persistent Configuration File

  • Installed Software: Installation 1, Installation 2 (component selections shown: A.2, B.1, C.3 and A.1, B.1, C.2)


Slide 17

Variants of the Model

For Organisations, Enterprises, etc.:



Slide 19

Experiments

  • We Built a Simulator to Evaluate the Effectiveness of the Proposed Model.

  • Scenario: Large Population of Systems Under Attack by a Worm with a Behaviour Similar to Code Red

  • Setting: Creation of a Number of Virtual Machines (6000), each with an IP Address and a List of the Installed Components


Slide 20

Experiment #1

[Chart; surviving labels: Component Implementations, Time]

  • Hypothesis: Only 1 Type of Component is Infectable by the Virus

  • Progressively Increase the Diversity of the Targeted Component (Number Of Alternative Implementations: Ranging from 1 to 6)
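
A minimal population-level model of the setup in Experiment #1, added here as an illustration; it is not the authors' simulator. Assumptions: hosts are list indices rather than IP addresses, the random-selector picks an implementation uniformly at install time, the worm probes random addresses, and `probes_per_tick`, `ticks` and all function names are hypothetical.

```python
import random

def install_population(n_hosts, n_impls, rng):
    """Random-selector step: one implementation of the component per host."""
    return [rng.randrange(n_impls) for _ in range(n_hosts)]

def simulate_outbreak(n_hosts=6000, n_impls=1, vulnerable_impl=0,
                      probes_per_tick=5, ticks=40, seed=1):
    """Return (infected count per tick, number of hosts running the vulnerable impl)."""
    rng = random.Random(seed)                      # fixed seed: repeatable runs
    installed = install_population(n_hosts, n_impls, rng)
    infected = {installed.index(vulnerable_impl)}  # first host running the vulnerable impl
    history = [len(infected)]
    for _ in range(ticks):
        newly = set()
        for _source in infected:
            for _ in range(probes_per_tick):
                target = rng.randrange(n_hosts)    # abstract random address probe
                if installed[target] == vulnerable_impl:
                    newly.add(target)              # other implementations are unaffected
        infected |= newly
        history.append(len(infected))
    return history, installed.count(vulnerable_impl)

def exposure_by_diversity(max_impls=6, n_hosts=6000, **kwargs):
    """Final infected fraction of the whole population for 1..max_impls implementations."""
    results = {}
    for k in range(1, max_impls + 1):
        history, _ = simulate_outbreak(n_hosts=n_hosts, n_impls=k, **kwargs)
        results[k] = history[-1] / n_hosts
    return results

if __name__ == "__main__":
    for k, frac in exposure_by_diversity().items():
        print(f"{k} implementation(s): {frac:.1%} of population infected")
```

Under these assumptions the outbreak can never exceed the hosts that drew the vulnerable implementation, so the final infected share is bounded by roughly 1/k of the population for k implementations, and spread is slower because most probes land on unaffected hosts.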


Slide 21

Experiment #2

[Chart; surviving labels: Implementation(s), Time]

  • Hypothesis: All Component Implementations are Infectable by the Virus

  • Multiple Attack Strategies of the Virus, each Targeting a Specific Implementation

  • Increase the Diversity of the Targeted Component (Number Of Alternative Implementations: Ranging from 1 to 3)






Slide 26

Conclusions

1. Importance of Addressing the Lack of Diversity for Widely Deployed Commercial Software.

2. Importance of Effectively Protecting a Large Population of Systems as a Whole Entity, rather than Single Systems.

3. We Propose an Alternative Model for Diversity based on Multiple Implementations of Critical Components and Their Random Installation, at the Deployment time: No Need for Additional Resources.

4. Work in Progress: we are Learning by making more Experiments and Real Development of Applications based on our Method …