
Approved for Public Release, Distribution Unlimited

Slide 1: GENESIS: A Framework For Achieving Component Diversity
John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong (University of Virginia)
Chenxi Wang (Carnegie Mellon University)

Slide 2: What Is The Problem?
- Many machines with the same vulnerability
- What is a vulnerability? A vulnerability is a fault in the classic sense of dependability theory
- Fault types:
  - Degradation: something breaks in one copy
  - Design: a flaw in the design affects all copies
- Software faults are design faults

Slide 3: Redundancy & Degradation Faults
[Figure: N Modular Redundant (NMR) system of identical computers, Computer 1 ... Computer N; Inputs are fed to every computer and a Voter produces the Outputs. Fault-tolerance stages shown: Error Detection, Damage Assessment, State Restoration, Continued Service.]

Slide 4: Redundancy & Design Faults
- Redundancy is diversity
- Works well for degradation faults:
  - Faults have predictable statistical behavior
  - Effective mathematical models available
- What about design faults?
  - Simple replication doesn't work, obviously
  - Requires different (diverse) designs to be effective

Slide 5: Multiple Systems
[Figure: Linux, Windows and OS/2 each implemented from the same Specification; each carries its own Vulnerabilities.]

Slide 6: Design Diversity
[Figure: one Component Specification feeds Version Development 1, Version Development 2, ... Version Development N, separated by Interaction Barriers and subject to Technology Restrictions; the versions are combined in System Assembly. Goal: different faults because of independent development.]

Slide 7: Design Diverse System
[Figure: N Version System; Inputs are fed to Version 1, Version 2, ... Version N and a Voter produces the Outputs. How "different"? Assumption: different faults because of independent development.]

Slide 8: Design Diversity
- Does not work well for design faults:
  - No upper bound on failure probability
  - No practical statistical models
- No definition of "design diversity"
- No procedure for achieving it
- Linux vs. Windows is, however, worse—it is purely ad hoc
- But, what else is there?

Slide 9: Data Diversity
- Heisenbug (Jim Gray): the program fails; sometimes, if you rerun the program, it works
  - Applied to the Tandem operating system
  - We all do this in daily operation
- Several variants of the approach developed
- Comprehensive, general approach developed: data diversity

Slide 10: Data Diverse System
[Figure: N Copy Architecture; Inputs pass through Data Reexpression into Copy 1, Copy 2, ... Copy N (the Same Software on every copy); each copy's result passes through Reverse Data Reexpression into a Voter.]

Slide 11: Data Diversity
- Low cost—software is copied
- Unknown performance for design faults
- Experimental evidence that it works well
- Can be very powerful:
    sin(x) = sin(a + b)
           = sin(a)cos(b) + cos(a)sin(b)
           = sin(a)sin(90 - b) + sin(90 - a)sin(b)
- Choose a and b, repeat, vote
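The sin(x) re-expression on this slide, worked through as the N-copy data-diverse architecture of slide 10: this is an added example, not code from the presentation or the GENESIS project. faulty_sin is a constructed stand-in for software whose design fault is shared by every identical copy; the a values are fixed here so the run is repeatable, where a deployed system would choose them randomly.

```python
"""Data diversity on sin(x): re-express the input, run identical copies of the
same (faulty) software, reverse the re-expression, and vote.  Added example;
faulty_sin is a constructed stand-in, not GENESIS code."""
import math
from typing import Optional, Sequence

FAULT_BAND = (0.40, 0.45)   # constructed design fault: every copy fails on this input band


def faulty_sin(x: float) -> float:
    """The 'same software' on every copy, carrying one design fault."""
    if FAULT_BAND[0] <= x <= FAULT_BAND[1]:
        return 0.0                          # wrong answer, identically in every copy
    return math.sin(x)


def faulty_cos(x: float) -> float:
    # cos(x) = sin(90 - x), as on the slide, so cos inherits the same fault band
    return faulty_sin(math.pi / 2 - x)


def reexpressed_sin(x: float, a: float) -> float:
    """One copy: input x is re-expressed as (a, b) with a + b = x; the identity
    sin(a)cos(b) + cos(a)sin(b) is the reverse re-expression back to sin(x)."""
    b = x - a
    return faulty_sin(a) * faulty_cos(b) + faulty_cos(a) * faulty_sin(b)


def vote(values: Sequence[float], tol: float = 1e-9) -> Optional[float]:
    """Majority vote with a tolerance; None when no value has a strict majority."""
    for v in values:
        if sum(1 for w in values if abs(v - w) <= tol) * 2 > len(values):
            return v
    return None


def data_diverse_sin(x: float, a_values: Sequence[float]) -> Optional[float]:
    """N-copy data-diverse system: one copy per re-expression, then vote."""
    return vote([reexpressed_sin(x, a) for a in a_values])


if __name__ == "__main__":
    x = 0.42                                 # inside the fault band
    print("plain copy   :", faulty_sin(x))   # 0.0: the design fault
    # a = x is the un-re-expressed copy and fails; the other four mask it
    print("data diverse :", data_diverse_sin(x, [x, 0.6, 1.2, 1.8, 2.4]))
    print("true value   :", math.sin(x))
```

With a = x the copy computes sin(x) directly and returns the faulty 0.0; the four re-expressed copies never present an argument inside the fault band, so the voter discards the failed copy.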

Slide 12: The Vision
- Automated production of design-diverse, functionally-equivalent software
- Automatic production of data-diverse, functionally-equivalent software
- It might work…

Slide 13: Overall Approach
- Analysis of the diversity space
- Automated production of functionally-equivalent software and data:
  - Compiler and meta-compiler technology: source-level transformations, compiler transformations, data stream rewriting
  - Virtual machine technology: run-time software translation techniques
- Rationale that diversity is an effective defense mechanism:
  - Experimental evaluation
  - Modeling of effects of diversity on known vulnerabilities
  - Application to COTS software

Slide 14: Hierarchic Design Diversity
[Figure: hierarchy of design diversity levels; the only label recovered is "Run-time Transformations".]

Slide 15: Source to Source Transformations
- Underlying model of tasks: e.g. fork/execs vs. threads
- Process interaction: e.g. low-level semaphores vs. higher-level monitors
- Fundamental libraries: e.g. libc, sockets, etc.
- Diversity achieved by component combinations

Slide 16: Compiler Transformations
- Generate N compilers that target different architectures
- Manipulate the formal description of the target architecture—Computer Systems Description Language (CSDL):
  - Instruction Set Architecture (ISA) specification
  - Calling convention specification
- Example diversity techniques:
  - Different calling conventions
  - ISA subsets created, enforced dynamically
  - Memory layouts—code and data
  - Implement the above within the same program

Slide 17: Run-time Transformations
- Software Dynamic Translation
- STRATA system:
  - Layer between hardware and application
  - Designed to be easily retargeted
- Virtual machine provides:
  - Underlying target
  - Supplementary rules on use of target
- Software Dynamic Translation systems: FX!32, Dynamo, Transmeta

Slide 18: STRATA—Basic Operation
[Figure: basic operation of STRATA; the only label recovered is "Enforce Desired Policies".]

Slide 19: Example STRATA Policies
- Apply compile-time transformations dynamically: rearrangement of basic blocks, calling sequence transformations, etc.
- Dynamic injection and enforcement of behavioral policies, e.g. resource usage (files, sockets, tasks)
- Language diversity: dialects
  - Only allow subsets of the original instruction set
  - Vary the subsets dynamically

Slide 20: STRATA System Architecture
[Figure: STRATA system architecture; the only label recovered is "Machine Independent Components".]

Slide 21: Data Diversity
- Diversity in the data space can avoid the sequences of events that lead to failure
- The diversity space offers a large range of data re-expression options:
  - Precision (exact, approximate)
  - Locality (internal, external)
  - Sequence (in-order/on-time, in-order/off-time, out-of-order/on-time, out-of-order/off-time)

Slide 22: Data Re-expression Examples
- Change floating point values: lose precision, translate, rotate
- Data sequences: reorder data, change timing of data
- Memory layout (code and data)
- Reorder transactions
- Reorder data in activation records
- SQL rewriting
- …many more examples…

Slide 23: Data Re-expression Space
- These examples are ad hoc
- Proposals in the literature are ad hoc
- So: use the data re-expression space categorization to drive exploration of diversity techniques (instead of point solutions)

Slide 24: Evaluation
- Theoretical:
  - Modeling of effects of diversity on network vulnerabilities, e.g., worm propagation
  - Understand the limits of diversity
  - Categorization of the "diversity space"
  - Identify unnecessary homogeneity in software: not just code but also environment, configuration, etc.
- Experimental:
  - Directed fault seeding: apply known exploits to the target system, apply all Genesis techniques, evaluate the variants' resistance to attack
  - Automated fault seeding

Slide 25: Automatic Fault Seeding
- Need test cases
- Need typical vulnerabilities, i.e., bugs
- Can typical bugs be synthesized?
- Prior work on syntactic transformations:
  - Simple mutations
  - Wide variety of resilience
  - Defects created with excellent statistical properties
- Plan to try this route

Slide 26: Automated Fault Seeding
[Figure: pipeline in which many copies of the Target Software System pass through Error Seeding and Acceptance Tests, then through the Genesis Transformations, producing many transformed copies of the Target Software System for Vulnerability Assessment.]

Slide 27: State Of The Implementation
- Exists, ready to use: CSDL, calling convention spec, STRATA

Slide 28: Specific Questions Posed
- What are you trying to do (the problem you are addressing)?
- How will you show that you were successful?
- What are the implications of successful results (or less than successful results)?
- What is your technical approach?
- What is new, or hasn't been attempted?
- What significant problems do you anticipate, what makes your project difficult, and how do you plan to approach the difficulties?
- If successful, what have you thought about regarding transitioning the technology?
- If successful, what would be next?

Slide 29: Practical Problem
- If this works:
  - Building a system will require lots of computer time
  - Lots of systems will require LOTS of computer time
  - But it is just computer time
- Will not be able to just press CDs
- Will require a substantial engineering investment

Slide 30: Summary
- Automatic application of design diversity: macro, midi, micro
- Systematic application of data diversity: internal, external, all dimensions
- Seamless integration of the two
- Evaluation and assessment: directed fault seeding, automated fault seeding
- Questions?
