On the Effectiveness of Software Diversity: A Systematic Study on Real-World Vulnerabilities

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5587)

Abstract

Many systems have been introduced to detect software intrusions by comparing the outputs and behavior of diverse replicas when they are processing the same, potentially malicious, input. When these replicas are constructed using off-the-shelf software products, it is assumed that they are diverse and not compromised simultaneously under the same attack. In this paper, we analyze vulnerabilities published in 2007 to evaluate the extent to which this assumption is valid. We focus on vulnerabilities in application software, and show that the majority of these software products – including those providing the same service (and therefore multiple software substitutes can be used in a replicated system to detect intrusions) and those that run on multiple operating systems (and therefore the same software can be used in a replicated system with different operating systems to detect intrusions) – either do not have the same vulnerability or cannot be compromised with the same exploit. We also find evidence that indicates the use of diversity in increasing attack tolerance for other software. These results show that systems utilizing off-the-shelf software products to introduce diversity are effective in detecting intrusions.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Han, J., Gao, D., Deng, R.H. (2009). On the Effectiveness of Software Diversity: A Systematic Study on Real-World Vulnerabilities. In: Flegel, U., Bruschi, D. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2009. Lecture Notes in Computer Science, vol 5587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02918-9_8

  • DOI: https://doi.org/10.1007/978-3-642-02918-9_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02917-2

  • Online ISBN: 978-3-642-02918-9

  • eBook Packages: Computer Science, Computer Science (R0)
