A Framework for Achieving Component Diversity

Funding -  News -  Papers -  People -  Talks -  Related Projects

Research Summary

We seek to reproduce the genetic diversity found in nature by deliberately and systematically introducing diversity in software components. The hope is that while the phenotype of software components will be similar (its functional behavior), its genotype will contain enough variations to protect the population against a broad class of diseases (attacks, aging).

As our engine of software diversity, we will use a systematic and comprehensive methodology based on two fundamental and complementary approaches: design diversity and data diversity, Design diversity is the creation of multiple implementations of a given specification such that the different implementations have different designs. Data diversity is the use of multiple copies of a single implementation with each copy operating on different input data but yielding the same desired results. In data diversity, the different data streams are produced by a process known as data re-expression. Each diversity approach will be applied systematically at multiple levels of software representation to produce a spectrum of techniques for the creation of diverse software components.


Principal Investigator: John Knight (University of Virginia)

    Jack Davidson (University of Virginia)
    David Evans (University of Virginia)
    Anh Nguyen–Tuong (University of Virginia)
    Chenxi Wang (Carnegie Mellon University)

Research Staff

Adrian Filipi
Jonathan Rowanhill

Graduate Students

Benjamin Cox
Michael Crane
Wei Hu
Jeffrey Shirley
Ana Nora Sovarel
Dan Williams

In The News

Salon. Computer, heal thyself, 12 July 2004. [Original Article] [Archive Copy]

Information Security Magazine. BIOLOGY: Back to Nature?. July 2004. [Original Article] [Archive Copy]

Defense Aerospace. DARPA Selects Contractors for Self-Regenerative Systems Program. April 15, 2004. [Original Article] [Archive Copy]


Where's the FEEB?: The Effectiveness of Instruction Set Randomization . Ana Nora Sovarel, David Evans and Nathanael Paul. 14th USENIX Security Symposium. Baltimore, MD. August 2005. (PDF, HTML, 16 pages)

Automatically Hardening Web Applications Using Precise Tainting . Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans. Twentieth IFIP International Information Security Conference (SEC 2005). 30 May - 1 June 2005, Chiba, Japan. (PDF, 12 pages)

.NET Security: Lessons Learned and Missed from Java . Nathanael Paul and David Evans. Twentieth Annual Computer Security Applications Conference (ACSAC 2004). December 6-10, 2004, Tucson, Arizona. (PDF, 10 pages)

Localization for Mobile Sensor Networks. Lingxuan Hu and David Evans. To appear in Tenth Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2004). 26 September - 1 October 2004. (PDF, 13 pages)


Polygraphing Processes: N-Variant Systems for Secretless Security [PPT] (David Evans). DARPA SRS PIs Meeting, Alexandria, VA. 12 July 2005.

Stealing Secrets and Secretless Security Structures [PPT] (David Evans). Colloquim at Harvard University. 27 June 2005.

Security Through Diversity [PPT] (David Evans). Colloquim at MIT CSAIL. 23 June 2005. v

Automatically Hardening Web Applications Using Precise Tainting [PPT] (Salvatore Guarnieri). Twentieth IFIP International Information Security Conference (SEC 2005). 30 May - 1 June 2005, Chiba, Japan.

Where's the FEEB?: The Effectiveness of Instruction Set Randomization [PPT] (David Evans). Invited CERIAS Seminar at Purdue University, Indiana. 9 March 2005.

What Biology Can (and Can't) Teach Us About Security [PPT] [PDF] (David Evans). Invited talk at USENIX Security Symposium, San Diego, August 12, 2004.

GENESIS: A Farmework for Achieving Component Diversity [PPT] (John Knight). DARPA SRS PI's Kickoff Meeting, Arlington, Virginia, 20 July 2004.

Reading Group

UVa's Security Reading Group meets most weeks Wednesday afternoon at 3:30. See // for an updated schedule and information about joining.

Related Projects by the PIs

Dependability Research Group
IPA — Inexpensive Program Analysis
Physicrypt — Physical Cryptography and Security Group
STILT — System for Terrorism Intervention and Large-Scale Teamwork
Swarm Computing
Willow Survivability Architecture


Our research is funded by DARPA's Self-Regenerative Systems (SRS) program.

swarm University of Virginia
Department of Computer Science
Dependability Research Group
Sponsored by DARPA SRS Program David Evans