Reducing Risks of Widespread Faults and Attacks for Commercial Applications: Towards Diversity Of Software Components
Marco Casassa Mont, Adrian Baldwin, Yolanta Beres, Keith Harrison, Martin Sadler, Simon Shiu
Trusted Systems Laboratory, Hewlett-Packard Laboratories, Bristol, UK
COMPSAC 2002, Oxford, 26-29 August 2002
Outline
• Recent Trends in Commercial Software
• Problem: Large Scale Attacks and Faults due to Lack of Software Diversity
• Software Diversity: Current Approaches
• An Alternative Approach to Diversity
• Work in Progress: Experiments …
• Conclusions
Commercial Software Recent Trends
Problem
Lack of Diversity of Commercial Software with a Large Installation Base
Software Diversity: Current Approaches
[Figure: SW Version 1, SW Version 2 and SW Version 3, whose outputs feed Decision Algorithms / Voting]
Requirements vs. Prior Art Solutions
Commercial Software
• Usually Made of Components (foundation classes such as .NET, JDK, …; .dlls, .class files, …)
• Components have Well Defined Interfaces (APIs)
Proposed Approach
Diversity at the Installation Time
[Figure: Component X is available as Implementation 1, Implementation 2 and Implementation 3; SW Installation selects one of them (Implementation 2 in the figure)]
[Figure: the Model]
• Installation Package: Software Components A, B, C with Multiple Available Implementations (A: A.1, A.2; B: B.1; C: C.1, C.2, C.3) and an Installation Script
• Software Installer: Random-selector Module, Installation Knowledge Base, Installation Engine
• Installed Software: one implementation per component, recorded in a Persistent Configuration File (e.g. Installation 1: A.2, B.1, C.3; Installation 2: A.1, B.1, C.2)
Variants of the Model
For Organisations, Enterprises, etc.:
Experiments
• We Built a Simulator to Experiment with the Effectiveness of the Proposed Model.
• Scenario: Large Population of Systems Under Attack by a Worm with a Behaviour Similar to Code Red
• Setting: Creation of a Number of Virtual Machines (6000), each with an IP Address and a List of the Installed Components
Experiment #1
• Hypothesis: Only 1 Type of Component is Infectable by the Virus
• Progressively Increase the Diversity of the Targeted Component (Number Of Alternative Implementations: Ranging from 1 to 6)
[Plot: labels recovered: Component Implementations, Time]
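The Experiment #1 scenario as an added example (not the authors' simulator): a minimal Monte Carlo model in which every host receives one of `diversity` implementations of the targeted component at install time, and a random-scanning worm can only infect hosts running implementation 0. The 6000-host population matches the slides; scan rate, tick count and seed are constructed assumptions.

```python
import random

# Constructed parameters (assumptions of this example, not the paper's settings
# beyond the 6000-host population): scan rate, tick count and RNG seed.
N_HOSTS = 6000
SCANS_PER_TICK = 4
TICKS = 50
VULNERABLE_IMPL = 0  # the single implementation the worm can exploit


def install_population(n_hosts, diversity, rng):
    """Installer model: each host gets one of `diversity` implementations of the
    targeted component, chosen uniformly at random at installation time.
    The returned list plays the role of the persistent configuration files."""
    return [rng.randrange(diversity) for _ in range(n_hosts)]


def simulate_worm(installed, rng, scans_per_tick=SCANS_PER_TICK, ticks=TICKS):
    """Random-scanning worm: every infected host probes `scans_per_tick` random
    addresses per tick; a probe succeeds only if the target still runs the
    vulnerable implementation. Returns the number of hosts infected at the end."""
    n = len(installed)
    infected = {0}  # patient zero; caller guarantees host 0 is vulnerable
    for _ in range(ticks):
        newly = set()
        for _host in infected:
            for _ in range(scans_per_tick):
                target = rng.randrange(n)
                if target not in infected and installed[target] == VULNERABLE_IMPL:
                    newly.add(target)
        infected |= newly
    return len(infected)


def run_experiment(diversities=(1, 2, 3, 4, 5, 6), n_hosts=N_HOSTS, seed=2002):
    """For each level of diversity, return (infected, vulnerable) host counts."""
    results = {}
    for diversity in diversities:
        rng = random.Random(seed)
        installed = install_population(n_hosts, diversity, rng)
        installed[0] = VULNERABLE_IMPL  # the worm starts from a vulnerable host
        vulnerable = installed.count(VULNERABLE_IMPL)
        results[diversity] = (simulate_worm(installed, rng), vulnerable)
    return results


if __name__ == "__main__":
    for diversity, (infected, vulnerable) in run_experiment().items():
        print(f"{diversity} implementation(s): {infected:5d} of {vulnerable:5d} "
              f"vulnerable hosts infected ({100 * infected / N_HOSTS:5.1f}% of population)")
```

The infected count is bounded by the number of hosts that happened to receive the vulnerable implementation, so it falls roughly as 1/diversity even though every host is still reachable by the scanner.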
Experiment #2
• Hypothesis: All Component Implementations are Infectable by the Virus
• Multiple Attack Strategies of the Virus, each Targeting a Specific Implementation
• Increase the Diversity of the Targeted Component (Number Of Alternative Implementations: Ranging from 1 to 3)
[Plot: Time axis; legend entries "… Implementation", "… Implementations", "… Implementations"]
Conclusions
1. Importance of Addressing the Lack of Diversity for Widely Deployed Commercial Software.
2. Importance of Effectively Protecting a Large Population of Systems as a Whole Entity, rather than Single Systems.
3. We Propose an Alternative Model for Diversity based on Multiple Implementations of Critical Components and Their Random Installation at Deployment Time: No Need for Additional Resources.
4. Work in Progress: we are Learning by making more Experiments and Real Development of Applications based on our Method …