Toward Software Diversity in Heterogeneous Networked Systems

Huang, Chih‐Cheng; Zhu, Sencun; Erbacher, Robert F.

doi:10.1007/978-3-662-43936-4_8

Cited by 13 publications

(8 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another two different applications of network diversity for increasing network survivability and reliability were introduced in the contexts of cyber-security [34][35][36][37] and virus contention [38][39][40][41]. In [34,35] attack graphs and attack paths are defined as the ways an attacker can get access to a network asset.…”

Section: Related Workmentioning

confidence: 99%

“…In [39], three random-distributed techniques were developed to sub-optimally solve the NP-hard perfect coloring problem in non-exponential time. Huang et al proposed the graph multicoloring problem to minimize the number of shared software executed on neighboring nodes [40]. Should malware compromises software in one node, this would stay contained in the subgraph containing the node and the neighbors with the common vulnerability.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Optimal Multiculture Network Design for Maximizing Resilience in the Face of Multiple Correlated Failures

et al. 2019

View full text Add to dashboard Cite

Current data networks are highly homogeneous because of management, economic, and interoperability reasons. This technological homogeneity introduces shared risks, where correlated failures may entirely disrupt the network operation and impair multiple nodes. In this paper, we tackle the problem of improving the resilience of homogeneous networks, which are affected by correlated node failures, through optimal multiculture network design. Correlated failures regarded here are modeled by SRNG events. We propose three sequential optimization problems for maximizing the network resilience by selecting as different node technologies, which do not share risks, and placing such nodes in a given topology. Results show that in the 75% of real-world network topologies analyzed here, our optimal multiculture design yields networks whose probability that a pair of nodes, chosen at random, are connected is 1, i.e., its ATTR metric is 1. To do so, our method efficiently trades off the network heterogeneity, the number of nodes per technology, and their clustered location in the network. In the remaining 25% of the topologies, whose average node degree was less than 2, such probability was at least 0.7867. This means that both multiculture design and topology connectivity are necessary to achieve network resilience.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Optimal Multiculture Network Design for Maximizing Resilience in the Face of Multiple Correlated Failures

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Common vulnerabilities in neighbor nodes allow an attacker to employ the same tool to gain control of both nodes, easing how the attacker acquires targets in the network by propagation. To avoid the exploitation of 0-day shared vulnerabilities in such fashion, works like [14], [31]- [33] propose to diversify the network resources implemented in neighbor nodes. The models and problem statements presented in the works above improved our vision on network diversity methods.…”

Section: Related Workmentioning

confidence: 99%

“…However, works like [24], [25], and the vulnerability disclosure databases [9]- [13] reveal that apparently unrelated implementations could share common risks due to code reutilization, third-party software applications, etc. In the literature, other authors have considered shared vulnerabilities, such as [14], [31]- [33], [37], [41]- [43]. Some authors take into account shared vulnerabilities assessing the number of common vulnerabilities disclosed between the available technologies.…”

Section: Related Workmentioning

confidence: 99%

Maximizing Network Reliability to 0-Day Exploits Through a Heterogeneous Node Migration Strategy

2021

View full text Add to dashboard Cite

A recurrent problem currently affecting network reliability is the simultaneous exploitation of 0-day vulnerabilities shared between several node implementations across the network. When such 0-day vulnerabilities are exploited, large portions of the network may get compromised as a result. In this work, we propose a network node migration strategy to minimize the impact of 0-day attacks on network reliability. The migration method proposes replacing homogeneous node implementations with diverse alternatives to yield a heterogeneous network. The migration method allocates heterogeneous nodes within the network by minimizing the product between the average and the maximum number of network partitions, which may emerge after the simultaneous exploitation of 0-day risks on shared network resources. As we show, our migration strategy maximizes network connectivity in the event of a simultaneous 0-day attack. Our work's significant findings are the following: First, increasing the heterogeneity in node technologies reduces the attacker's ability to break down the entire network. Second, given a set of available network technologies that partially share risks, a network design implemented using several heterogeneous technologies sharing a small number of 0-day risks is more reliable than one with a small number of technologies whose 0-day risks are disjoint. Third, we observed that in a node-heterogeneous network topology, clustering nodes by technology improves network reliability.INDEX TERMS Network diversity, network reliability, 0-day vulnerabilities, connected components.

show abstract

“…By solving this problem, it achieves better isolation between adjacent variants while using only a limited number of diversified applications. Finally, the software assignment problem, i.e., how to optimally assign diverse software to different hosts in a network in order to improve the network's resilience to security threats like worms, is addressed in [45] by considering practical constraints, and a similar issue is formulated and solved as a multi-objective optimization problem in [46].…”

Section: N-version Programming and N-variant Systemsmentioning

confidence: 99%

Opportunistic Diversity-Based Detection of Injection Attacks in Web Applications

Qu¹,

Huo²,

Wang³

2018

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

Web-based applications delivered using clouds are becoming increasingly popular due to less demand of client-side resources and easier maintenance than desktop counterparts. At the same time, larger attack surfaces and developers' lack of security proficiency or awareness leave Web applications particularly vulnerable to security attacks. On the other hand, diversity has long been considered as a viable approach to detecting security attacks since functionally similar but internally different variants of an application will likely respond to the same attack in different ways. However, most diversity-by-design approaches have met difficulties in practice due to the prohibitive cost in terms of both development and maintenance. In this work, we propose to employ opportunistic diversity inherent to Web applications and their database backends to detect injection attacks. We first conduct a case study of common vulnerabilities to confirm the potential of opportunistic diversity for detecting potential attacks. We then devise a multi-stage approach to examine features extracted from the database queries, their effect on the database, the query results, as well as the user-end results. Next, we combine the partial results obtained from different stages using a learning-based approach to further improve the detection accuracy. Finally, we evaluate our approach using a real world Web application.

show abstract

Toward Software Diversity in Heterogeneous Networked Systems

Cited by 13 publications

References 24 publications

Optimal Multiculture Network Design for Maximizing Resilience in the Face of Multiple Correlated Failures

Optimal Multiculture Network Design for Maximizing Resilience in the Face of Multiple Correlated Failures

Maximizing Network Reliability to 0-Day Exploits Through a Heterogeneous Node Migration Strategy

Opportunistic Diversity-Based Detection of Injection Attacks in Web Applications

Contact Info

Product

Resources

About