Chair: Jack W. Davidson, Anh Nguyen-Tuong
Advisor: John Knight
OLSSON 236D, 15:30:00
A Master's Thesis Presentation
ABSTRACT
The N-variant architecture combines redundancy and tailored diversity to provide secretless security for a computer system. This thesis presents a new model of N-variant systems. The model generalizes previous work and establishes constructive guidelines for future N-variant systems. It characterizes the components of an N-variant system and identifies their properties. In particular, the model reveals four vulnerability types that every N-variant system should address explicitly. The model also serves as a guiding framework for building new N-variant systems: an N-variant construction process is outlined as a sequence of logical steps guided by the structure and characteristics the model gives.
The new N-variant model enables a detailed analysis of N-variant systems. The model is evaluated by analyzing five existing N-variant systems with respect to the structure the model gives and the four vulnerability types. For each system, an instantiation derived from the general model is shown; these instantiations, together with mappings of each system's components onto the model's components, show how each system fits the general model. Additionally, each system is analyzed in terms of the four vulnerability types, using the model to expose the flaws in each system.
The N-variant construction process is evaluated by presenting an experiment in designing and implementing a new N-variant system. The experiment follows the construction steps to build a 2-variant system that protects information stored in a database. The new system is evaluated according to its effectiveness in achieving a desired security property, its treatment of the four vulnerability types, and a comparison with similar techniques. The experiment produces a system that provides the desired security property without relying on secrets.
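The following is an added illustration of the principle stated at the start of the abstract (redundancy plus tailored diversity yielding security without secrets); it is not code from the thesis or from the 2-variant database system it describes. It simulates a 2-variant system in which the variation is disjoint address-space partitioning, modeled loosely on the address-partitioning variation of the original N-variant work: every address is valid in exactly one variant, so a benign input (which each variant turns into an address in its own partition) produces the same output in both variants, while an injected absolute pointer (the same bytes in both variants) can be accepted by at most one of them, and the monitor sees the variants diverge. The 16-bit address space, the request format and the data values are constructed for the example; `no_common_pointer` checks the secretless property directly: an attacker who knows both partitions still cannot pick one pointer that both variants accept.

```python
"""Toy 2-variant system with disjoint address partitions (added example)."""
from dataclasses import dataclass, field

ADDR_BITS = 16                        # constructed toy address space
PARTITION_BIT = 1 << (ADDR_BITS - 1)  # the high bit selects the partition
DATA = [10, 20, 30, 40, 50, 60, 70, 80]  # constructed program data


@dataclass
class Variant:
    name: str
    base: int                         # 0x0000 for variant A, 0x8000 for variant B
    memory: list = field(default_factory=lambda: list(DATA))

    def accepts(self, addr):
        """An address is valid only if it lies in this variant's partition."""
        return (addr & PARTITION_BIT) == self.base

    def run(self, request):
        """Handle one constructed request: ('index', n) or ('pointer', addr)."""
        kind, value = request
        if kind == "index":           # benign path: address derived from own base
            addr = self.base + value
        elif kind == "pointer":       # corrupted path: raw address taken from input
            addr = value
        else:
            return ("ERR", "bad request")
        if not self.accepts(addr):
            return ("FAULT", self.name)   # this variant faults and is terminated
        off = addr - self.base
        if not 0 <= off < len(self.memory):
            return ("ERR", "out of range")
        return ("OK", self.memory[off])


def monitor(variants, request):
    """Feed the same input to every variant; deliver output only on agreement."""
    results = [v.run(request) for v in variants]
    if all(r == results[0] for r in results):
        return results[0]
    return ("DIVERGENCE", tuple(results))   # attack detected: halt the system


def no_common_pointer(variants):
    """Secretless check: no absolute address is accepted by more than one variant."""
    return all(sum(v.accepts(a) for v in variants) <= 1
               for a in range(1 << ADDR_BITS))


VARIANTS = [Variant("A", 0x0000), Variant("B", PARTITION_BIT)]

if __name__ == "__main__":
    print(monitor(VARIANTS, ("index", 3)))         # benign: ('OK', 40)
    print(monitor(VARIANTS, ("pointer", 0x0003)))  # injected pointer: DIVERGENCE
    print(monitor(VARIANTS, ("pointer", 0x8003)))  # injected pointer: DIVERGENCE
    print(no_common_pointer(VARIANTS))             # True
```

The design point is that the monitor never needs to know which input is malicious; it only compares outputs, and the disjoint partitions guarantee that a single injected address cannot satisfy both variants at once.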