• Documents
  • Authors
  • Tables
  • Log in
  • Sign up
  • MetaCart
  • DMCA
  • Donate

CiteSeerX logo

Advanced Search Include Citations
Advanced Search Include Citations | Disambiguate

DMCA

N-variant systems: A secretless framework for security through diversity (2006)

Cached

  • Download as a PDF

Download Links

  • [www.usenix.org]
  • [static.usenix.org]
  • [static.usenix.org]
  • [pleiad.dcc.uchile.cl]
  • [www.usenix.org]
  • [www.usenix.org]
  • [www.usenix.org]
  • [www.cs.virginia.edu]
  • [dependability.cs.virginia.edu]
  • [www.cs.virginia.edu]
  • [www.cs.virginia.edu]
  • [www.cs.virginia.edu]
  • [www.cs.virginia.edu]
  • [www.cs.cornell.edu]
  • [www.cs.virginia.edu]
  • [www.cs.virginia.edu]
  • [www.cs.virginia.edu]
  • [ecee.colorado.edu]

  • Save to List
  • Add to Collection
  • Correct Errors
  • Monitor Changes
by Benjamin Cox , David Evans , Adrian Filipi , Jonathan Rowanhill , Wei Hu , Jack Davidson , John Knight , Anh Nguyen-tuong , Jason Hiser
Venue:In Proceedings of the 15th USENIX Security Symposium
Citations:121 - 3 self
  • Summary
  • Citations
  • Active Bibliography
  • Co-citation
  • Clustered Documents
  • Version History

BibTeX

@INPROCEEDINGS{Cox06n-variantsystems:,
    author = {Benjamin Cox and David Evans and Adrian Filipi and Jonathan Rowanhill and Wei Hu and Jack Davidson and John Knight and Anh Nguyen-tuong and Jason Hiser},
    title = {N-variant systems: A secretless framework for security through diversity},
    booktitle = {In Proceedings of the 15th USENIX Security Symposium},
    year = {2006},
    pages = {105--120}
}

Share

Facebook Twitter Reddit Bibsonomy

OpenURL

 

Abstract

We present an architectural framework for systematically using automated diversity to provide high assurance detection and disruption for large classes of attacks. The framework executes a set of automatically diversified variants on the same inputs, and monitors their behavior to detect divergences. The benefit of this approach is that it requires an attacker to simultaneously compromise all system variants with the same input. By constructing variants with disjoint exploitation sets, we can make it impossible to carry out large classes of important attacks. In contrast to previous approaches that use automated diversity for security, our approach does not rely on keeping any secrets. In this paper, we introduce the N-variant systems framework, present a model for analyzing security properties of N-variant systems, define variations that can be used to detect attacks that involve referencing absolute memory addresses and executing injected code, and describe and present performance results from a prototype implementation. 1.

Keyphrases

n-variant system    secretless framework    large class    prototype implementation    disjoint exploitation set    high assurance detection    system variant    absolute memory address    architectural framework    important attack    define variation    previous approach    n-variant system framework    diversified variant    injected code    present performance result    security property   

Powered by: Apache Solr
  • About CiteSeerX
  • Submit and Index Documents
  • Privacy Policy
  • Help
  • Data
  • Source
  • Contact Us

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University