Files and links (1)
PDFOpen Access (License Unspecified), Open Access
Dissertation
Security through network-wide diversity assignment
Doctor of Philosophy (Ph.D.), Drexel University
Sep 2005
DOI:
https://doi.org/10.17918/etd-551
Abstract
The best efforts of the computer security community have not eliminated software with hidden attackable vulnerabilities in the world. Code analyzers and hardened operating environments have reduced software bugs. Improved training has created capable security administrators who have decreased the population of exploitable systems through attentive patching and network access control. A third approach to combating vulnerabilities has been proposed which requires the use of diverse software packages to slow or stop attackers. Literature examining the topic of software diversity details a variety of implementations, but for both business and technical reasons, the limited number of functionally equivalent yet distinct software packages makes diversity a less effective strategy than one may like. In this dissertation, we make diversity a viable security strategy despite the limited number of diverse systems. We abstract the software diversity concept to a hypergraph by considering how techniques for generating diversity interact and present themselves to attackers. We show that diversity's utility can be increased through the use of graph coloring algorithms. We design a series of distributed graph coloring algorithms and test these on real-world graphs collected from the BGP topology of the IPv6 backbone and nine months of e-mail traffic. The diversity assignments are quantified through the use of graph theory-based metrics, such as the monochromatic edge count and the disconnected component count, as well as the epidemic threshold, a metric borrowed from epidemiology research. Any methodology for increasing the attack tolerance of a network is destined to come under attack itself. We examine the tradeoff between the quality of our algorithm's diversity assignment produced and our algorithm's attack tolerance. We show that the attack tolerance of our algorithms can be increased by presenting an attacker with a diversity of graph coloring algorithms. Based upon our observations, simulations, and analysis we are left with a confirmation of our thesis: not only is diversity critical for improving the attack tolerance of a network, but diversitymust be applied at all levels of system design including mechanisms to introduce the diversity itself.
Metrics
25 File views/ downloads
24 Record Views
Details
- Title
- Security through network-wide diversity assignment
- Creators
- Adam J. O'Donnell - DU
- Contributors
- Harish Sethu (Advisor) - Drexel University (1970-)
- Awarding Institution
- Drexel University
- Degree Awarded
- Doctor of Philosophy (Ph.D.)
- Publisher
- Drexel University; Philadelphia, Pennsylvania
- Resource Type
- Dissertation
- Language
- English
- Academic Unit
- Electrical and Computer Engineering; College of Engineering; Drexel University
- Other Identifier
- 551; 991014632286804721