Assuring Design Diversity in N-Version Software: A Design Paradigm for N-Version Programming

Lyu, Michael R.; Avižienis, A.

doi:10.1007/978-3-7091-9198-9_10

Cited by 28 publications

(11 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Design diversity has been applied to both software and hardware systems. -version programming [3], [13] is an example of diversity in software systems. In [12], a good historical overview of fault-tolerant design methodologies and architectures for safety-critical real-time applications is provided.…”

Section: A Past Workmentioning

confidence: 99%

Diversity and System Security: A Game Theoretic Perspective

Brahma

Kwiat

Varshney

et al. 2014

2014 IEEE Military Communications Conference

View full text Add to dashboard Cite

It has been argued that systems that are comprised of similar components (i.e., a monoculture) are more prone to attacks than a system that exhibits diversity. But it is not currently clear how much diversity is needed and how to leverage the underlying diversity in the design space. Here we attempt to study these issues using a Game Theoretic model comprised of multiple systems and an attacker. The model illustrates how the concept of the Nash Equilibrium provides a theoretical framework for designing strategic security solutions and how the mixed strategy solution space provides a conceptual basis for defining optimal randomization techniques that can exploit the underlying diversity. The paper also studies how strategic behavior influences the diversity and vulnerability of an overall system. Simulation results provide further insights into the effectiveness of our solution approach and the dynamics of strategic interaction in the context of system security.

show abstract

Section: A Past Workmentioning

confidence: 99%

Diversity and System Security: A Game Theoretic Perspective

Brahma

Kwiat

Varshney

et al. 2014

2014 IEEE Military Communications Conference

View full text Add to dashboard Cite

show abstract

“…First, coincident failures are the result of unwanted commonalties between different instances, and various strategies are employed to minimize and eliminate these commonalities (see for e.g. [11], [12]). Falsepositives, however, result from the desired divergence between instances and we believe that, in general, the approach grows stronger as these differences increase.…”

Section: A General Frameworkmentioning

confidence: 99%

Towards a formal framework for evaluating the effectiveness of system diversity when applied to security

Khoury

Hamou-Lhadj

Couture

2012

2012 IEEE Symposium on Computational Intelligence for Security and Defence Applications

View full text Add to dashboard Cite

N-version programming has been shown to be an effective way to increase the reliability of systems. In this study, we examine the possibility of extending this approach to address security, rather than reliability concerns. We focus specifically on how to evaluate the efficiency of the use of diversity for security. We show that while several key elements must be taken into account when N-version programming is used for security rather than reliability, it is nonetheless possible to devise a reasoning framework to evaluate the efficiency of this development paradigm in a security context. This framework allows us to reason about the most effective way to use diversity for security.

show abstract

“…Both of the two kinds can be seen as diversity in different phases of a piece of software. For example, N-variant programming [3], which belongs to the managed diversity, produces functionequivalent versions of software in the software designing phase, while ASLR (Address Space Layout Randomization) [4], which belongs to the automated diversity [5], produces different executions for the same program in the software executing phase. The core of the software diversity for the security purpose is to make differences in the lifecycle of the software so as to increase the attacking difficulty.…”

Section: Introductionmentioning

confidence: 99%

A Diversity Metric Based Study on the Correlation between Diversity and Security

Tong

Guo

et al. 2019

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Software diversity can be utilized in cyberspace security to defend against the zero-day attacks. Existing researches have proved the effectiveness of diversity in bringing security benefits, but few of them touch the problem that whether there is a positive correlation between the security and the diversity. In addition, there is little guidance on how to construct an effective diversified system. For that, this paper develops two diversity metrics based on system attribute matrix, proposes a diversity measurement and verifies the effectiveness of the measurement. Through several simulations on the diversified systems which use voting strategy, the relationship between diversity and security is analyzed. The results show that there is an overall positive correlation between security and diversity. Though some cases are against the correlation, further analysis is made to explain the phenomenon. In addition, the effect of voting strategy is also discussed through simulations. The results show that the voting strategy have a dominant impact on the security, which implies that security benefits can be obtained only with proper strategies. According to the conclusions, some guidance is provided in constructing a more diversified as well as securer system.

show abstract

Assuring Design Diversity in N-Version Software: A Design Paradigm for N-Version Programming

Cited by 28 publications

References 21 publications

Diversity and System Security: A Game Theoretic Perspective

Diversity and System Security: A Game Theoretic Perspective

Towards a formal framework for evaluating the effectiveness of system diversity when applied to security

A Diversity Metric Based Study on the Correlation between Diversity and Security

Contact Info

Product

Resources

About