ESORICS 2004: Computer Security – ESORICS 2004, pp 423-438

Redundancy and Diversity in Security

  • Bev Littlewood
  • Lorenzo Strigini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3193)

Abstract

Redundancy and diversity are commonly applied principles for fault tolerance against accidental faults. Their use in security, which is attracting increasing interest, is less general and less of an accepted principle. In particular, redundancy without diversity is often argued to be useless against systematic attack, and diversity to be of dubious value. This paper discusses their roles and limits, and to what extent lessons from research on their use for reliability can be applied to security, in areas such as intrusion detection. We take a probabilistic approach to the problem, and argue its validity for security. We then discuss the various roles of redundancy and diversity for security, and show that some basic insights from probabilistic modelling in reliability and safety indeed apply to examples of design for security. We discuss the factors affecting the efficacy of redundancy and diversity, the role of "independence" between layers of defense, and some of the trade-offs facing designers.

Keywords

  • Fault Tolerance
  • Intrusion Detection
  • Failure Process
  • Intrusion Detection System
  • Dependable System

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Bev Littlewood (1)
  • Lorenzo Strigini (1)
  1. Centre for Software Reliability, City University, London, UK
