Automated Instruction-Set Randomization for Web Applications in Diversified Redundant Systems

The use of diversity and redundancy in the security do-main is an interesting approach to prevent or detect intru-sions. Many researchers have proposed architectures based on those concepts where diversity is either natural or ar-tificial. These architectures are based on the architecture of N-version programming and were often instantiated for web servers without taking into account the web applica-tion(s) running on those. In this article, we present a solu-tion to protect the web applications running on this kind of architectures in order to detect and tolerate code injection intrusions. Our solution consists in creating diversity in the web application scripts by randomizing the language un-derstood by the interpreter so that an injected code can not be executed by all the servers. We also present the issues re-lated to the automatization of our solution and present some solutions to tackle these issues.

FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery

The goal of the FOREVER project is to develop a service for Fault/intrusiOn REmoVal through Evolution & Recovery. In order to achieve this goal, our work addresses three main tasks: the definition of the FOREVER service architecture; the analysis of how diversity techniques can improve resilience; and the evaluation of the FOREVER service. The FOREVER service is an important contribution to intrustion-tolerant replication middleware and significantly enhances the resilience

Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems

There is a growing threat to the cyber-security of safety-critical systems. The introduction of Commercial Off The Shelf (COTS) software, including Linux, specialist VOIP applications and Satellite Based Augmentation Systems across the aviation, maritime, rail and power-generation infrastructures has created common, vulnerabilities. In consequence, more people now possess the technical skills required to identify and exploit vulnerabilities in safety-critical systems. Arguably for the first time there is the potential for cross-modal attacks leading to future ‘cyber storms’. This situation is compounded by the failure of public-private partnerships to establish the cyber-security of safety critical applications. The fiscal crisis has prevented governments from attracting and retaining competent regulators at the intersection of safety and cyber-security. In particular, we argue that superficial similarities between safety and security have led to security policies that cannot be implemented in safety-critical systems. Existing office-based security standards, such as the ISO27k series, cannot easily be integrated with standards such as IEC61508 or ISO26262. Hybrid standards such as IEC 62443 lack credible validation. There is an urgent need to move beyond high-level policies and address the more detailed engineering challenges that threaten the cyber-security of safety-critical systems. In particular, we consider the ways in which cyber-security concerns undermine traditional forms of safety engineering, for example by invalidating conventional forms of risk assessment. We also summarise the ways in which safety concerns frustrate the deployment of conventional mechanisms for cyber-security, including intrusion detection systems

Fault tolerance via diversity for off-the-shelf products: A study with SQL database servers

If an off-the-shelf software product exhibits poor dependability due to design faults, then software fault tolerance is often the only way available to users and system integrators to alleviate the problem. Thanks to low acquisition costs, even using multiple versions of software in a parallel architecture, which is a scheme formerly reserved for few and highly critical applications, may become viable for many applications. We have studied the potential dependability gains from these solutions for off-the-shelf database servers. We based the study on the bug reports available for four off-the-shelf SQL servers plus later releases of two of them. We found that many of these faults cause systematic noncrash failures, which is a category ignored by most studies and standard implementations of fault tolerance for databases. Our observations suggest that diverse redundancy would be effective for tolerating design faults in this category of products. Only in very few cases would demands that triggered a bug in one server cause failures in another one, and there were no coincident failures in more than two of the servers. Use of different releases of the same product would also tolerate a significant fraction of the faults. We report our results and discuss their implications, the architectural options available for exploiting them, and the difficulties that they may present

Fault diversity among off-the-shelf SQL database servers

Fault tolerance is often the only viable way of obtaining the required system dependability from systems built out of "off-the-shelf" (OTS) products. We have studied a sample of bug reports from four off-the-shelf SQL servers so as to estimate the possible advantages of software fault tolerance - in the form of modular redundancy with diversity - in complex off-the-shelf software. We checked whether these bugs would cause coincident failures in more than one of the servers. We found that very few bugs affected two of the four servers, and none caused failures in more than two. We also found that only four of these bugs would cause identical, undetectable failures in two servers. Therefore, a fault-tolerant server, built with diverse off-the-shelf servers, seems to have a good chance of delivering improvements in availability and failure rates compared with the individual off-the-shelf servers or their replicated, nondiverse configurations

Security-aware selection of Web Services for Reliable Composition

Dependability is an important characteristic that a trustworthy computer system should have. It is a measure of Availability, Reliability, Maintainability, Safety and Security. The focus of our research is on security of web services. Web services enable the composition of independent services with complementary functionalities to produce value-added services, which allows organizations to implement their core business only and outsource other service components over the Internet, either pre-selected or on-the-fly. The selected third party web services may have security vulnerabilities. Vulnerable web services are of limited practical use. We propose to use an intrusion-tolerant composite web service for each functionality that should be fulfilled by a third party web service. The third party services employed in this approach should be selected based on their security vulnerabilities in addition to their performance. The security vulnerabilities of the third party services are assessed using a penetration testing tool. In this paper we present our preliminary research work

The Multiple Facets of Software Diversity: Recent Developments in Year 2000 and Beyond

Early experiments with software diversity in the mid 1970's investigated N-version programming and recovery blocks to increase the reliability of embedded systems. Four decades later, the literature about software diversity has expanded in multiple directions: goals (fault-tolerance, security, software engineering); means (managed or automated diversity) and analytical studies (quantification of diversity and its impact). Our paper contributes to the field of software diversity as the first paper that adopts an inclusive vision of the area, with an emphasis on the most recent advances in the field. This survey includes classical work about design and data diversity for fault tolerance, as well as the cybersecurity literature that investigates randomization at different system levels. It broadens this standard scope of diversity, to include the study and exploitation of natural diversity and the management of diverse software products. Our survey includes the most recent works, with an emphasis from 2000 to present. The targeted audience is researchers and practitioners in one of the surveyed fields, who miss the big picture of software diversity. Assembling the multiple facets of this fascinating topic sheds a new light on the field