iDEA: Drexel E-repository and Archives
Security through network-wide diversity assignment
Title: Security through network-wide diversity assignment
Authors: O’Donnell, Adam J.
Keywords: Electrical engineering; Computer science; Computer security
Issue Date: 29-Sep-2005

Abstract:

The best efforts of the computer security community have not eliminated software with hidden, attackable vulnerabilities. Code analyzers and hardened operating environments have reduced software bugs. Improved training has produced capable security administrators who have shrunk the population of exploitable systems through attentive patching and network access control. A third approach to combating vulnerabilities, software diversity, relies on distinct software packages, so that one exploit does not work against every system, to slow or stop attackers. The literature on software diversity describes a variety of implementations, but for both business and technical reasons the number of functionally equivalent yet distinct software packages is small, which makes diversity a less effective strategy than one might like.

In this dissertation we make diversity a viable security strategy despite the small number of diverse systems available. We abstract the software diversity concept to a hypergraph by considering how techniques for generating diversity interact and present themselves to attackers. We show that diversity’s utility can be increased by assigning software variants with graph coloring algorithms. We design a series of distributed graph coloring algorithms and test them on real-world graphs collected from the BGP topology of the IPv6 backbone and from nine months of e-mail traffic. The diversity assignments are quantified with graph-theoretic metrics, such as the monochromatic edge count and the disconnected component count, and with the epidemic threshold, a metric borrowed from epidemiology.

Any methodology for increasing the attack tolerance of a network is destined to come under attack itself. We examine the tradeoff between the quality of the diversity assignment our algorithms produce and the algorithms’ own attack tolerance. We show that the attack tolerance of our algorithms can be increased by presenting an attacker with a diversity of graph coloring algorithms. Our observations, simulations, and analysis confirm our thesis: not only is diversity critical for improving the attack tolerance of a network, but diversity must be applied at all levels of system design, including the mechanisms that introduce the diversity itself.

URI: http://hdl.handle.net/1860/551
Appears in Collections: Drexel Theses and Dissertations
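The assignment-and-measurement loop the abstract describes, as an added example that is not the dissertation's code: hosts of a network are given one of k software variants by a graph coloring, and the result is scored by the monochromatic edge count, the size of the components that monochromatic edges still connect, and an epidemic threshold. Everything concrete here is an assumption of this example, not something the abstract states: the eight-host network is constructed, the coloring is a plain centralized greedy rule rather than the dissertation's distributed algorithms, the component metric is read as "how far a single-variant exploit can spread along same-variant links", and the epidemic threshold is taken as 1/λ_max of the monochromatic subgraph's adjacency matrix, the standard epidemiology result for when an infection dies out.

```python
# Added example (not code from the dissertation): diversity assignment by graph
# coloring, scored with the metrics the abstract names. The sample network, the
# greedy coloring rule and the metric definitions are this example's assumptions.
import math
from collections import deque

# Constructed sample network, not the dissertation's BGP or e-mail data:
# nodes are hosts, edges are links an exploit could traverse.
SAMPLE_EDGES = [
    ("A", "B"), ("A", "C"), ("B", "C"), ("B", "D"), ("C", "D"),
    ("D", "E"), ("E", "F"), ("E", "G"), ("F", "G"), ("G", "H"),
]


def adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def greedy_color(adj, k):
    """Give each host one of k variants (colors 0..k-1). Centralized greedy
    rule, an assumption (the dissertation's algorithms are distributed): visit
    hosts by decreasing degree, pick the variant fewest assigned neighbours
    use, so sharing stays minimal when k is below the chromatic number."""
    order = sorted(adj, key=lambda n: (-len(adj[n]), n))
    color = {}
    for node in order:
        conflicts = [0] * k
        for nb in adj[node]:
            if nb in color:
                conflicts[color[nb]] += 1
        color[node] = min(range(k), key=lambda c: (conflicts[c], c))
    return color


def monochromatic_edges(edges, color):
    """Edges whose endpoints run the same variant: one exploit crosses them."""
    return [(u, v) for u, v in edges if color[u] == color[v]]


def monochromatic_components(adj, color):
    """Sizes, largest first, of the components joined by monochromatic edges:
    assumed reading of the 'disconnected component count' metric. Each is the
    set of hosts one single-variant exploit can reach from a foothold in it."""
    seen, sizes = set(), []
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        size, queue = 1, deque([start])
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v not in seen and color[v] == color[u]:
                    seen.add(v)
                    size += 1
                    queue.append(v)
        sizes.append(size)
    return sorted(sizes, reverse=True)


def spectral_radius(nodes, edges, iterations=500):
    """Largest adjacency eigenvalue by power iteration on A + I; the shift stops
    oscillation on bipartite pieces (their eigenvalues come in +/- pairs)."""
    adj = adjacency(edges)
    v = {n: 1.0 for n in nodes}
    lam = 1.0
    for _ in range(iterations):
        w = {n: v[n] + sum(v[m] for m in adj.get(n, ())) for n in nodes}
        lam = sum(v[n] * w[n] for n in nodes) / sum(x * x for x in v.values())
        norm = math.sqrt(sum(x * x for x in w.values()))
        v = {n: w[n] / norm for n in nodes}
    return lam - 1.0


def epidemic_threshold(adj, edges, color):
    """1 / lambda_max of the monochromatic subgraph. Assumes the epidemiology
    result that an epidemic dies out below infection rate 1 / lambda_max of the
    contact graph; for a single-variant exploit that graph is the monochromatic
    edges only. Infinite when none remain."""
    lam = spectral_radius(list(adj), monochromatic_edges(edges, color))
    return math.inf if lam < 1e-9 else 1.0 / lam


def evaluate(k, edges=SAMPLE_EDGES):
    """Color the network with k variants and report the three metrics."""
    adj = adjacency(edges)
    color = greedy_color(adj, k)
    return {
        "variants": k,
        "monochromatic_edges": len(monochromatic_edges(edges, color)),
        "largest_reach": monochromatic_components(adj, color)[0],
        "epidemic_threshold": epidemic_threshold(adj, edges, color),
    }
```

Calling `evaluate(k)` for k = 1, 2, 3 on the constructed network shows the effect the abstract argues for: with a single variant every one of the 10 edges is monochromatic and one exploit reaches all 8 hosts; with two variants the greedy coloring leaves 3 monochromatic edges and a worst-case reach of 3 hosts, and the epidemic threshold rises from 1/λ_max of the whole graph to 1/√2; with three variants (the network contains triangles, so two cannot suffice) no monochromatic edge remains and the threshold is infinite. The greedy rule is deliberately simple; it is the quantity being optimized, not the optimizer, that the abstract's metrics make precise.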
Items in iDEA are protected by copyright, with all rights reserved, unless otherwise indicated.