Title :
Security through Diversity: Are We There Yet?
Author :
Larsen, Per ; Brunthaler, Stefan ; Franz, Michael
Author_Institution :
Univ. of California, Irvine, Irvine, CA, USA
Abstract :
Because most software attacks rely on predictable behavior on the target platform, mass distribution of identical software facilitates mass exploitation. Countermeasures include moving-target defenses in general and biologically inspired artificial software diversity in particular. Although the concept of software diversity has interested researchers for more than 20 years, technical obstacles prevented its widespread adoption until now. Massive-scale software diversity has become practical due to the Internet (enabling distribution of individualized software) and cloud computing (enabling the computational power to perform diversification). In this article, the authors take stock of the current state of software diversity research. The potential showstopper issues are mostly solved; the authors describe the remaining issues and point to a realistic adoption path.
Keywords :
cloud computing; security of data; software engineering; Internet; biologically inspired artificial software diversity; cloud computing; mass exploitation; mass identical software distribution; massive-scale software diversity; moving-target defenses; predictable behavior; security; software attacks; target platform; Computer crime; Computer security; Internet; Memory management; Prediction methods; Program processors; Runtime environment; Software architecture; compilers; error handling and recovery; programming languages; software engineering; system issues; testing and debugging;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2013.129
