Security Risks from a Software Monoculture

Birman, Ken; Schneider, Fred

Security Risks from a Software Monoculture

Active / Technical Report | Accession Number: ADA492371 |

Open PDF

Abstract:

A workshop of experts was convened on October 30, 2007 to consider the trade-offs associated with platform homogeneity in complex distributed systems. There were 18 speakers from industry and academia, and an additional 7 observers from AFCIO and AFOSR. The conclusion was that deploying a monocultures would be an effective way to defend against configuration attacks, that artificial diversity could then defend against some technology attacks which monocultures amplify, and that some means would be required to defend against trust attacks. Research that needs to be pursued was identified.

Author(s):

Birman, Ken ; Schneider, Fred

Author Organization(s):

CORNELL UNIV ITHACA NY OFFICE OF SPONSORED PROGRAMS

Descriptive Note:

Final rept. 1 Aug 2007-31 Aug 2008

Supplementary Note:

DOI: 10.21236/ADA492371

Pagination:

0021

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CU-55102, AFRL-SR-AR-TR-08-0512

Contract/Grant Number(s):

FA9550-07-1-0569

Monitor Series:

TR-08-0512, AFOSR/VA

Subject Terms

Joint Capability Areas:

JCA_7_Protection; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_1_Force Support; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_5_Command and Control; JCA_6.4_Information Assurance; JCA_1.1_Force Management; JCA_5.3_Planning; JCA_4.1_Deployment and Distribution; JCA_6.1.3_Switching and Routing; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_6.1_Information Transport; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_6.2.1_Information Sharing

Communities of Interest:

Cyber

Descriptor(s):

*COMPUTER PROGRAMS, *SOFTWARE ENGINEERING, *ELECTRONIC WARFARE, *DATA PROCESSING SECURITY, *COMPUTER APPLICATIONS, *OPERATING SYSTEMS(COMPUTERS), TRADE OFF ANALYSIS, CONFIGURATIONS, HOMOGENEITY, RISK

Field(s)/Group(s):

Computer Programming and Software, Countermeasures, Computer Systems Management and Standards

Keyword(s):

*CYBERSECURITY, AUTOMATED DIVERSITY, *MONOCULTURES

Report Date:

2008 Nov 15

Creation Date:

2009 Feb 04