Security through Diversity: Leveraging Virtual Machine Technology

Biologists have long recognized the dangers of the lack of diversity or monocultures in biological systems. Recently, it has been noted that much of the fragility of our networked computing systems can be attributed to the lack of diversity or monoculture of our software systems. The problem is severe. Because it is virtually inevitable that software will ship with flaws, our software monoculture leaves systems open to large-scale attacks by knowledgeable adversaries. Inspired by the resilience of diverse biological systems, the authors developed the genesis software development toolchain. An innovative aspect of genesis is the use of an application-level virtual machine technology that enables the application of diversity transforms at any point in the software toolchain. Using Genesis, they authors demonstrated that diversity, when judiciously applied, is a practical and effective defense against two widely used types of attacks - return-to-libc and code injection.