Security through redundant data diversity

Author

Nguyen-Tuong, Anh ; Evans, David ; Knight, John C. ; Cox, Benjamin ; Davidson, Jack W.

Author_Institution

Dept. of Comput. Sci., Virginia Univ., Charlottesville, VA

fYear

2008

fDate

24-27 June 2008

Firstpage

187

Lastpage

196

Abstract

Unlike other diversity-based approaches, N-variant systems thwart attacks without requiring secrets. Instead, they use redundancy (to require an attacker to simultaneously compromise multiple variants with the same input) and tailored diversity (to make it impossible to compromise all the variants with the same input for given attack classes). In this work, we develop a method for using data diversity in N-variant systems to provide high-assurance arguments against a class of data corruption attacks. Data is transformed in the variants so identical concrete data values have different interpretations. In order to corrupt the data without detection, an attacker would need to alter the corresponding data in each variant in a different way while sending the same inputs to all variants. We demonstrate our approach with a case study using that thwarts attacks that corrupt UID values.

Keywords

security of data; software fault tolerance; N-variant system; data corruption attack; redundant data diversity; software fault tolerance; Computer architecture; Computer science; Computer security; Concrete; Data security; Distributed computing; Lifting equipment; Monitoring; Redundancy; Voting;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on

Conference_Location

Anchorage, AK

Print_ISBN

978-1-4244-2397-2

Electronic_ISBN

978-1-4244-2398-9

Type

conf

DOI

10.1109/DSN.2008.4630087

Filename

4630087