Security through Redundant Data Diversity

Anh Nguyen-Tuong, David Evans, John C. Knight, Benjamin Cox, Jack W. Davidson.
38th IEEE/IFPF International Conference on Dependable Systems and Networks, Anchorage, Alaska, June 2008.

Abstract

Unlike other diversity-based approaches, N-variant systems thwart attacks without requiring secrets. Instead, they use redundancy (to require an attacker to simultaneously compromise multiple variants with the same input) and tailored diversity (to make it impossible to compromise all the variants with the same input for given attack classes). In this work, we develop a method for using data diversity in N-variant systems to provide high-assurance arguments against a class of data corruption attacks. Data is transformed in the variants so identical concrete data values have different interpretations. In order to corrupt the data without detection, an attacker would need to alter the corresponding data in each variant in a different way while sending the same inputs to all variants. We demonstrate our approach with a case study using that thwarts attacks that corrupt UID values.

Paper

Full paper (10 pages): [PDF]

Links

This paper builds on our earlier USENIX Security 2006 paper:

Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. N-Variant Systems: A Secretless Framework for Security through Diversity . 15th USENIX Security Symposium, Vancouver, BC, August 2006. (PDF, 16 pages; HTML)
N-Variant Systems Project

David Evans
University of Virginia
Department of Computer Science
 evans@virginia.edu