Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

7-2009

Abstract

Many systems have been introduced to detect software intrusions by comparing the outputs and behavior of diverse replicas when they are processing the same, potentially malicious, input. When these replicas are constructed using off-the-shelf software products, it is assumed that they are diverse and not compromised simultaneously under the same attack. In this paper, we analyze vulnerabilities published in 2007 to evaluate the extent to which this assumption is valid. We focus on vulnerabilities in application software, and show that the majority of these software products --- including those providing the same service (and therefore multiple software substitutes can be used in a replicated system to detect intrusions) and those that run on multiple operating systems (and therefore the same software can be used in a replicated system with different operating systems to detect intrusions) --- either do not have the same vulnerability or cannot be compromised with the same exploit. We also find evidence that indicates the use of diversity in increasing attack tolerance for other software. These results show that systems utilizing off-the-shelf software products to introduce diversity are effective in detecting intrusions.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Detection of Intrusions and Malware, and Vulnerability Assessment: 6th International Conference, DIMVA 2009, Como, Italy, July 9-10: Proceedings

Volume

5587

First Page

127

Last Page

146

ISBN

9783642029172

Identifier

10.1007/978-3-642-02918-9_8

Publisher

Springer

City or Country

Berlin

Copyright Owner and License

Publisher

Additional URL

https://doi.org/10.1007/978-3-642-02918-9_8

Download

Share

COinS