Application communities: using monoculture for dependability

Authors:
Michael E. Locasto;Stelios Sidiroglou;Angelos D. Keromytis
Affiliations:
Network Security Lab, Computer Science Department, Columbia University;Network Security Lab, Computer Science Department, Columbia University;Network Security Lab, Computer Science Department, Columbia University
Venue:
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Year:
2005

Citing 11
Cited 5

Analysis of Faults in an N-Version Software Experiment

IEEE Transactions on Software Engineering
On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Randomized instruction set emulation to disrupt binary code injection attacks

Proceedings of the 10th ACM conference on Computer and communications security
Risks of monoculture

Communications of the ACM - Homeland security
On the effectiveness of address-space randomization

Proceedings of the 11th ACM conference on Computer and communications security
Building a reactive immune system for software services

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Address obfuscation: an efficient approach to combat a board range of memory error exploits

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A secure station for network monitoring and control

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The N-Version Approach to Fault-Tolerant Software

IEEE Transactions on Software Engineering
Monoculture

IEEE Security and Privacy
No clear answers on monoculture issues

IEEE Security and Privacy

Dark application communities

NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Eudaemon: involuntary and on-demand emulation against zero-day exploits

Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Identifying the provenance of correlated anomalies

Proceedings of the 2011 ACM Symposium on Applied Computing
FLIPS: hybrid adaptive intrusion prevention

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Anagram: a content anomaly detector resistant to mimicry attack

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Artificial diversity is one method for mitigating the security risks of software monoculture. Introducing diversity increases resilience by obfuscating the system parameters an attacker must control for a successful exploit. We take a different approach to resilience and introduce the concept of Application Communities (AC): collections of independent instances of the same application that cooperatively monitor their execution for flaws and attacks and notify the community when such events are detected. We propose a set of parameters that define an AC and explore the tradeoffs between the minimal size of an AC, the marginal overhead imposed on each member, and the speed with which new faults are detected. We provide a sketch of both analytical and experimental results that show ACs are feasible for current applications: an AC of 15,000 members can monitor Apache for new faults with a 6% performance degradation for each member