Automated and Adaptive Diversity for Improving Computer System Security

PI: Dawn Song

Abstract: Diversity is an important source of robustness in biological systems. Because each individual has slightly different properties, it is unlikely that any single pathogen will eliminate or escape the entire population. By contrast, today's computer systems are largely homogeneous, being overwhelmingly dominated by one or two operating systems and a few common applications from a handful of software vendors. This fact is routinely exploited by attackers via Internet worms such as Code Red, which infected over 250,000 systems in just nine hours using a single buffer overflow vulnerability.

The project will develop methods for diversifying computer systems automatically and systematically -- exploring diversity at various levels of a system and for various purposes, e.g., to make a system more difficult to compromise, to make a system more difficult to damage even after a successful compromise, and to make it more difficult for a successful compromise to evade detection. In order to succeed, many of the mechanisms explored in this work must hide or disguise information about system specifics from an attacker, and this theme will underlie several of the projects.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0311808
Program Officer: Karl Levitt
Project Start:
Project End:
Budget Start: 2003-08-15
Budget End: 2008-05-31
Support Year:
Fiscal Year: 2003
Total Cost: $514,997
Indirect Cost:
Name: Carnegie-Mellon University
Department:
Type:
DUNS #:
City: Pittsburgh
State: PA
Country: United States
Zip Code: 15213