N-Variant Systems
A Secretless Framework for Security through Diversity

Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser
15th USENIX Security Symposium
Vancouver, BC
August 2006


We present an architectural framework for systematically using automated diversity to provide high assurance detection and disruption of large classes of attacks. The framework executes a set of automatically diversified variants on the same inputs, and monitors their behavior to detect divergences. The benefit of this approach is that it requires an attacker to simultaneously compromise all system variants with the same input. By constructing variants with disjoint exploitation sets, we can make it impossible to carry out large classes of important attacks. In contrast to previous approaches that use automated diversity for security but rely on keeping secrets to provide probabilistic security properties, the security of our approach does not rely on keeping any secrets. In this paper, we introduce the N-variant systems framework, present a model for analyzing security properties of N-variant systems, define variations that can be used to detect attacks that involve referencing absolute memory addresses and executing injected code, and describe and present performance results from a prototype implementation.


Full paper (16 pages): [PDF] [HTML]


Promising Breaks and Breaking Promises: Program Analysis in Theory and Practice [PPT, PDF] (David Evans). 90-minute class at SDWest 2006, 17 March 2006. Incoporates slides from a talk by Jinlin Yang.

The N-Variant Systems Framework: Polygraphing Processes for Secretless Security [PPT, PDF] (David Evans). Colloquim at University of Texas at San Antonio, 4 October 2005.

Polygraphing Processes: N-Variant Systems for Secretless Security [PPT] (David Evans). DARPA SRS PIs Meeting, Alexandria, VA. 12 July 2005.

Stealing Secrets and Secretless Security Structures [PPT] (David Evans). Colloquium at Harvard University. 27 June 2005.


N-Variant Systems Project

UVa Genesis Project

CS 655 David Evans - Publications
University of Virginia
Department of Computer Science
David Evans