Software Diversity for Information Security Gaurav Kataria Carnegie Mellon University.


1 Software Diversity for Information Security
Gaurav Kataria, Carnegie Mellon University

2 The Problem?
Many networked machines run software with shared vulnerabilities.
Vulnerabilities in software with a large critical mass (installed base) invite a larger number of attacks.
Attacks propagate over networks.
Diversification, the use of software with fewer shared vulnerabilities, is an approach to mitigating the risk of correlated failure.

3 Correlated Failure
Nodes within an organization are interconnected and equally vulnerable.
(Figure: various applications connected by vulnerable links.)

4 Too much uniformity: monoculture
According to market researcher OneStat.com, Windows now controls 97.46% of the global desktop operating system market, compared to just 1.43% for Apple Macintosh and 0.26% for Linux.
Microsoft Internet Explorer has 87.28% browser market share compared to 8.45% for Firefox and 1.21% for Apple's Safari.

5 Why uniformity?
Homogeneity has "network effects".
A network effect is the positive externality from consuming software that others also use, due to:
Better connectivity
Integration
Support, etc.

6 But...
Homogeneity means putting all your eggs in one basket...
...if one node fails, then so will the others.

7 How can diversity be introduced?
Choosing a different product?
Linux vs. Windows vs. Mac OS?
IE vs. Firefox
Outlook vs. Thunderbird
Different builds using different components:
MIME handlers and email header processors in mail clients?
Sensor network nodes shipped with multiple OSs in ROM?

8 Diversity: Definition
Two software choices:
Incumbent software 1
Competing software 2
Diversity is defined in percentage terms.
The firm may choose to have a proportion x1 of its systems on incumbent software 1, with the remaining 1 - x1 on competing software 2.
50% diversity implies half the nodes running software 1 and the other half running software 2.

9 Diversification Strategy Model
Correlated failure: beta-binomial distribution
Estimated loss due to an attack: downtime is the crucial economic loss; mean time to recover is the metric for loss
Security investment trade-offs: service capacity (preparedness) and network configuration

10 Modeling Correlated Failure
General randomized binomial distribution: the intensity function f_p(p) gives the probability distribution of the fraction p of all nodes that will fail.
The node failure distribution is beta-binomial when f_p(p) follows a beta distribution with parameters:
where π is the (expected) probability that a computer fails in an attack and θ ∈ (0, ∞) is the correlation level.

11 Beta-binomial
(Plot of B_N(i), the probability that i of N nodes fail, for four parameter settings:)
α = 0.1 and β = 0.9 (high correlation)
α = 1 and β = 9
α = 10 and β = 90
α = 100 and β = 900 (low correlation)
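The four (α, β) pairs on this slide all have α/(α+β) = 0.1, so they show one failure probability π = 0.1 at four correlation levels. The following Python is an added example, not code from the deck or from the author: it computes B_N(i) for any N, π and θ and compares the resulting distributions. Because the slide's formula mapping (π, θ) to (α, β) is not in the transcript, the example assumes α = π/θ and β = (1 − π)/θ, a standard beta-binomial parameterization whose mean is π and whose node-to-node failure correlation is θ/(1 + θ); with π = 0.1 it reproduces the four pairs above for θ = 1, 0.1, 0.01 and 0.001. The names `beta_params`, `failure_distribution`, `tail_probability` and `summarize` are this example's own.

```python
from __future__ import annotations
import math


def beta_params(pi: float, theta: float) -> tuple[float, float]:
    """Map the slides' (pi, theta) to beta shape parameters (alpha, beta).

    ASSUMED parameterization (the deck's own formula is not in the transcript):
    alpha = pi / theta, beta = (1 - pi) / theta.  Mean failure probability is
    then pi, and the correlation between two nodes' failures is theta/(1+theta),
    so a larger theta means more strongly correlated failure.
    """
    if not (0.0 < pi < 1.0) or theta <= 0.0:
        raise ValueError("need 0 < pi < 1 and theta > 0")
    return pi / theta, (1.0 - pi) / theta


def _log_beta(a: float, b: float) -> float:
    """log of the Beta function B(a, b), via lgamma to avoid overflow."""
    return math.lgamma(a) + math.lgamma(b) - math.lgamma(a + b)


def beta_binomial_pmf(i: int, n: int, alpha: float, beta: float) -> float:
    """P(exactly i of n nodes fail) under the beta-binomial model.

    pmf(i) = C(n, i) * B(i + alpha, n - i + beta) / B(alpha, beta),
    evaluated in log space so that n in the thousands is still fine.
    """
    if i < 0 or i > n:
        return 0.0
    log_choose = math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
    return math.exp(log_choose + _log_beta(i + alpha, n - i + beta) - _log_beta(alpha, beta))


def failure_distribution(n: int, pi: float, theta: float) -> list[float]:
    """B_N(i) for i = 0..n: the full distribution of the failed-node count."""
    alpha, beta = beta_params(pi, theta)
    return [beta_binomial_pmf(i, n, alpha, beta) for i in range(n + 1)]


def tail_probability(n: int, pi: float, theta: float, at_least: int) -> float:
    """P(at least `at_least` of n nodes fail): the mass-outage risk a defender cares about."""
    return sum(failure_distribution(n, pi, theta)[at_least:])


def summarize(n: int, pi: float, theta: float) -> dict[str, float]:
    """Mean, variance, P(no failures) and P(half or more fail) for one setting."""
    dist = failure_distribution(n, pi, theta)
    mean = sum(i * p for i, p in enumerate(dist))
    var = sum((i - mean) ** 2 * p for i, p in enumerate(dist))
    return {
        "mean": mean,
        "variance": var,
        "p_none": dist[0],
        "p_half_or_more": sum(dist[(n + 1) // 2:]),
    }


if __name__ == "__main__":
    # Constructed scenario: 100 nodes, pi = 0.1, the four correlation levels of slide 11.
    N, PI = 100, 0.1
    for theta in (1.0, 0.1, 0.01, 0.001):
        a, b = beta_params(PI, theta)
        s = summarize(N, PI, theta)
        print(f"theta={theta:<6} alpha={a:<6g} beta={b:<6g} mean={s['mean']:.2f} "
              f"var={s['variance']:.1f} P(0 fail)={s['p_none']:.3f} "
              f"P(>=50 fail)={s['p_half_or_more']:.4f}")
```

The mean is N·π in every row, which is the point of the slide: correlation does not change the expected number of failed nodes, it moves probability mass from "a few nodes fail" toward the two extremes "none fail" and "most fail". The high-correlation row is the monoculture case, where a single attack is likely to be either harmless or catastrophic.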

12 Security Cost
At any time some computers are affected by worms, viruses, software bugs, etc. and require servicing.

13 Loss from an Attack = Expected Repair Time
M/G/1 queue:
M (memoryless): Poisson arrival process with intensity λ, which captures the arrival rate of attacks
G (general): general service-time distribution with mean E[S] = 1/μ, which captures the time needed to bring all infected systems back to normal status
1: single server, with load ρ = λE[S] (in a stable queue ρ is always less than 1)

14 Loss from an Attack (contd.)
The mean time to bring every node back up is given by the Pollaczek-Khinchin mean-value formula.
Note: mean downtime depends only on the expectation E[S] and the variance V[S] of the service-time distribution, not on higher moments, and the mean value increases linearly with the variance.

15 Number of Attacks
Attack arrivals are modeled as a Poisson process with arrival rate λ.
λ may depend on many factors, including:
the type of industry in which the software is used
the inherent security level of the software
the market share of the software product
economies of scale in attack
Let mλ be the mean number of attacks against software 2.

16 Loss Reduction via Diversity
where
y = number of computers affected by an attack on either type of software
y1 = number of computers affected by an attack on the incumbent software
y2 = number of computers affected by an attack on the competing software
The individual f(y, x) are given by the beta-binomial distribution.

17 Loss Reduction via Diversity (contd.)
where
Service time S = k·y, where k is the measure of service capability; by investing in the IT department's capacity a firm can decrease service time by decreasing k.
λ + mλ is the total number of attacks faced; a fraction 1/(1+m) of them are of type 1 and m/(1+m) of type 2.

18 Variables of Interest
Diversity (x)
Service capacity (k)
Network configuration (θ)

19 Diversity vs. Service Capacity
m is kept constant at 0.5, i.e. software 2 receives half as many attacks as incumbent software 1; π = 0.05 (5% probability of failure).
Investment in service capacity offsets investment in diversity.

20 Diversity vs. Network Configuration
m is kept constant at 0.5, i.e. software 2 receives half as many attacks as incumbent software 1; π = 0.05 (5% probability of failure).
Investment in network configuration offsets investment in diversity.

21 Optimal Diversity
Optimal diversity (i.e. the optimal proportion of software 2) declines as software 2 receives more attacks relative to software 1.
π = 0.05 (5% probability of failure); k = 1; θ = 1; λ = 0.1.
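Slides 13 through 17 describe the loss model and slides 19 through 21 report what it predicts; the following Python puts the two together so the three trade-offs (diversity x, service capacity k, network configuration θ) can be reproduced numerically. It is an added example, not the deck's or the author's code, and it makes three assumptions that the transcript does not spell out: the beta parameters are α = π/θ and β = (1 − π)/θ; the "Pollaczek-Khinchin mean formula" is the standard M/G/1 mean sojourn time E[S] + λE[S²] / (2(1 − ρ)) with E[S²] = V[S] + E[S]²; and y on slide 16 is read as a mixture, y1 with probability 1/(1+m) and y2 with probability m/(1+m), where y1 and y2 are beta-binomial over the N(1 − x) nodes on software 1 and the Nx nodes on software 2. Function names (`pk_mean_downtime`, `expected_loss`, `optimal_diversity`) and the 100-node network are this example's own.

```python
from __future__ import annotations
import math


def beta_params(pi: float, theta: float) -> tuple[float, float]:
    """ASSUMED mapping of the slides' (pi, theta) to beta shape parameters."""
    return pi / theta, (1.0 - pi) / theta


def beta_binomial_moments(n: float, pi: float, theta: float) -> tuple[float, float]:
    """Mean and variance of the number of failed nodes among n exposed nodes.

    Closed-form beta-binomial moments (no pmf needed for the queueing formula):
    mean = n*pi,  var = n*pi*(1-pi)*(alpha+beta+n)/(alpha+beta+1).
    """
    alpha, beta = beta_params(pi, theta)
    mean = n * pi
    var = n * pi * (1.0 - pi) * (alpha + beta + n) / (alpha + beta + 1.0)
    return mean, var


def pk_mean_downtime(lam: float, e_s: float, e_s2: float) -> float:
    """Pollaczek-Khinchin mean sojourn time of an M/G/1 queue (assumed reading of slide 14).

    lam  : total arrival rate of attacks
    e_s  : E[S], mean time to service one attack
    e_s2 : E[S^2] = V[S] + E[S]^2, second moment of the service time
    Returns E[S] + lam*E[S^2] / (2*(1-rho)); infinite when rho = lam*E[S] >= 1
    (an unstable queue: the IT department never catches up).
    """
    rho = lam * e_s
    if rho >= 1.0:
        return math.inf
    return e_s + lam * e_s2 / (2.0 * (1.0 - rho))


def expected_loss(n_nodes: int, x: float, m: float, pi: float,
                  theta: float, k: float, lam: float) -> float:
    """Mean downtime per attack when a fraction x of the nodes run software 2.

    Attacks arrive at total rate lam*(1+m).  A fraction 1/(1+m) target software 1
    (n_nodes*(1-x) exposed nodes), m/(1+m) target software 2 (n_nodes*x exposed).
    Service time S = k*y with y the number of affected nodes (slide 17).
    """
    n1, n2 = n_nodes * (1.0 - x), n_nodes * x
    p1, p2 = 1.0 / (1.0 + m), m / (1.0 + m)
    mean1, var1 = beta_binomial_moments(n1, pi, theta)
    mean2, var2 = beta_binomial_moments(n2, pi, theta)
    e_y = p1 * mean1 + p2 * mean2                                   # E[y]
    e_y2 = p1 * (var1 + mean1 ** 2) + p2 * (var2 + mean2 ** 2)      # E[y^2]
    return pk_mean_downtime(lam * (1.0 + m), k * e_y, k * k * e_y2)


def optimal_diversity(n_nodes: int, m: float, pi: float, theta: float,
                      k: float, lam: float, steps: int = 100) -> tuple[float, float]:
    """Grid-search x in [0, 1]; returns (best x, expected loss at best x)."""
    loss, x = min((expected_loss(n_nodes, s / steps, m, pi, theta, k, lam), s / steps)
                  for s in range(steps + 1))
    return x, loss


if __name__ == "__main__":
    # Slide 21 parameters on a constructed 100-node network.
    N, PI, THETA, K, LAM = 100, 0.05, 1.0, 1.0, 0.1
    for m in (0.5, 1.0, 2.0):
        x, loss = optimal_diversity(N, m, PI, THETA, K, LAM)
        print(f"m={m}: optimal share of software 2 = {x:.2f}, mean downtime = {loss:.3f}")
    # Slides 19-20: at fixed 50% diversity, doubling service capacity (k -> 0.5)
    # or reducing failure correlation (theta -> 0.1) also cuts the downtime.
    base = expected_loss(N, 0.5, 0.5, PI, THETA, K, LAM)
    print(f"x=0.5 baseline {base:.3f}; k=0.5 -> {expected_loss(N, 0.5, 0.5, PI, THETA, 0.5, LAM):.3f}; "
          f"theta=0.1 -> {expected_loss(N, 0.5, 0.5, PI, 0.1, K, LAM):.3f}")
```

With m = 0.5 the search lands well above 50% on software 2, because software 2 draws fewer attacks; with m = 1 it is exactly 50%, and with m = 2 it mirrors the m = 0.5 case below 50%, which is the declining curve of slide 21. The last two prints are the offsets of slides 19 and 20: a smaller k shrinks both E[S] and V[S], and a smaller θ shrinks only the variance term, but both lower the Pollaczek-Khinchin downtime that diversity is competing to reduce.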

22 Future Research
Game-theoretic decision models for distributed network partition:
Graph coloring approach: each agent decides its color taking into account both the benefits and the costs of being the same color as its neighbors; additional costs may be imposed by the network administrator (social planner)
Market equilibrium: strategic interaction; role of government and industry groups

23 Questions?
