Collaborative Self-healing Systems (COSS) is a new paradigm for protecting software systems. Software monocultures are widely used applications that share common vulnerabilities. Hence, any attack that exploits one instance of a vulnerable application provides the means for widespread damage. The emerging concept of collaborative security, wherein independent but cooperative entities form a group to improve their individual security, provides the opportunity to exploit the homogeneity of a software monoculture for collective and mutual protection. Monocultures can be leveraged to improve an application's overall security and reliability.

COSS members running independent instances of the same application will continuously exchange information that allows them to collectively identify new application faults and attacks (collaborative monitoring), identify the core vulnerability shared by all instances of the application (vulnerability identification), and automatically develop, test and apply fixes (heal the application). Identifying the application vulnerability requires potentially substantial costs in instrumentation and monitoring in each application instance. We leverage the size of a COSS to amortize the cost of monitoring the application's behavior on a per-instance basis by distributing the monitoring task across a large population; each instance monitors only a portion of the common application, but collectively the entire application is covered.

COSS may be viewed as a large-scale, diverse software-testing facility that allows its members to identify how a potentially large and complex host application behaves at a very fine level of granularity. This project develops, prototypes and evaluates technologies for automatically building collaborative, self-securing software systems, enabling reliable and secure commodity software.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0627473
Program Officer: Samuel M. Weber
Project Start:
Project End:
Budget Start: 2006-09-01
Budget End: 2011-08-31
Support Year:
Fiscal Year: 2006
Total Cost: $841,769
Indirect Cost:
Name: Columbia University
Department:
Type:
DUNS #:
City: New York
State: NY
Country: United States
Zip Code: 10027