2001-01
A Security Architecture for Survivable Systems
Chenxi Wang, January 2001
Advisors: John Knight and William Wulf
Online Formats: PostScript, PDF
Abstract: In network management systems, some management entities reside on application hosts that are not necessarily trustworthy. The integrity of these software entities is essential to the security of the network management scheme. This dissertation presents a novel framework to provide software security against malicious execution environments. The approach consists of two fundamental techniques: a) incorporating design diversity in the program such that impersonation or intelligent tampering requires extensive analysis of the program, and b) deterring one aspect of program analysis--static analysis--by incorporating aliasing and further degenerating the program's control flow. I show that analyzing the transformed programs statically is an NP-hard problem. I also provide theoretical bounds on approximation analysis methods. The transformations are implemented in a C compiler. Program performance results are presented. Empirical experiments with existing analysis tools showed that static analyses of the transformed programs are nearly impossible to carry out.