Polygraphing Processes: N-Variant System Structures for Secretless Security
ثبت نشده
چکیده
We describe a technique for hardening services that may contain unknown security vulnerabilities. We employ artificial diversity techniques, but in contrast to previous approaches that rely on keeping secrets to provide probabilistic security properties, we develop an architectural framework that provides a high degree of assurance without needing any secrets. The framework requires an attacker to compromise one of the system variants without producing detectable behavior on another system variant processing the same input. By constructing variants with disjoint exploitation sets, we can make it impossible to successfully carry out large classes of important attacks. In this paper, we present the N-variant systems framework, introduce a model for analyzing security properties of N-variant systems, identify two useful variations and their security properties, and describe an implementation and report on its performance.
منابع مشابه
N-Variant Systems: A Secretless Framework for Security through Diversity
We present an architectural framework for systematically using automated diversity to provide high assurance detection and disruption for large classes of attacks. The framework executes a set of automatically diversified variants on the same inputs, and monitors their behavior to detect divergences. The benefit of this approach is that it requires an attacker to simultaneously compromise all s...
متن کاملDehydration of Natural Gas Using Synthesized Chabazite Zeolite Membranes
ine"> Chabazite zeolite membranes were synthesized for their potential application in dehydration of natural gas. The membranes were prepared using secondary growth method on porous <span styl...
متن کاملPhase Inversion in a Batch Liquid – Liquid Stirred System
"> Phase inversion phenomenon occurs in many industrial processes including liquidliquid dispersions. Some parameters such as energy input or the presence of mineral compounds in the system affect this phen...
متن کاملHIV/AIDS Surveillance System in the Islamic Republic of Iran: History, Structures and Processes
Background and Objectives: Iran is one of the Middle Eastern countries that implemented the HIV / AIDS control and surveillance program many years ago. The purpose of this study was to review the HIV / AIDS surveillance system in Iran. Methods: This was a review research to assess the processes, structures and achievements of the HIV/AIDS surveillance system in Iran. The information sources...
متن کاملMultilevel Security in the UNIX Tradition
The original UNIX system was designed to be small and intelligible, achieving power by generality rather than by a profusion of features. In this spirit we have designed and implemented IX, a multilevel-secure variant of the Bell Labs research system. IX aims at sound, practical security, suitable for privateand public-sector uses other than critical national-security applications. The major s...
متن کامل