Diversity-by-Design for Dependable and Secure Cyber-Physical Systems: A Survey

  title={Diversity-by-Design for Dependable and Secure Cyber-Physical Systems: A Survey},
  author={Qisheng Zhang and Abdullah Zubair Mohammed and Zelin Wan and Jin-Hee Cho and Terrence J. Moore},
  journal={IEEE Transactions on Network and Service Management},
Diversity-based security approaches have been studied for several decades since the 1970s. The concept of diversity-by-design emerged in the 1980s. Since then, diversity-based system design research has been explored to provide more secure and dependable services in cyber-physical systems (CPSs). In this work, we are particularly interested in providing an in-depth, comprehensive survey of existing diversity-based approaches, their insights, and associated future work directions for building… 

Network Resilience Under Epidemic Attacks: Deep Reinforcement Learning Network Topology Adaptations

This work proposed a Deep reinforcement learning (DRL)-based NETwork Adaptations for network Resilience algorithm, namely DeepNETAR, which aims to generate robust network topologies against epidemic attacks by removing vulnerable edges or adding the least vulnerable edges, given multiple objectives of system security and performance.



The Multiple Facets of Software Diversity

This survey includes classical work about design and data diversity for fault tolerance, as well as the cybersecurity literature that investigates randomization at different system levels, with an emphasis on the most recent advances in the field.

Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks

This paper designs a biodiversity-inspired metric based on the effective number of distinct resources and proposes two complementary diversity metrics,based on the least and the average attacking efforts, respectively, which are evaluated through simulation.

Toward Software Diversity in Heterogeneous Networked Systems

This work designs an efficient algorithm to select and deploy a set of off-the-shelf software to hosts in a networked system, such that the number and types of vulnerabilities presented on one host would be different from that on its neighboring nodes.

A Diversity-Based Substation Cyber Defense Strategy Utilizing Coloring Games

This paper introduces a game-theoretic graph coloring technique to determine the optimal allocation of SM diversity that minimizes the impact of security vulnerabilities to the grid, and demonstrates that the proposed approach provides a Nash equilibrium solution.

Analysis of operating system diversity for intrusion tolerance

Analysis of operating system's vulnerability data from the NIST National Vulnerability Database shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion‐tolerant system.

SoK: Automated Software Diversity

This paper systematically study the state-of-the-art in software diversity and highlights fundamental trade-offs between fully automated approaches, including "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software.

ChameleonSoft: A moving target defense system

  • M. AzabRiham MansourM. Eltoweissy
  • Computer Science
    7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom)
  • 2011
This study aims to evaluate the provisioned level of security by measuring the level of induced confusion and diffusion to quantify the strength of the CBE mechanism, and compute the computational cost of security provisioning and enhancing system resilience.

Security through Diversity: Leveraging Virtual Machine Technology

Using Genesis, the authors demonstrated that diversity, when judiciously applied, is a practical and effective defense against two widely used types of attacks - return-to-libc and code injection.

On achieving software diversity for improved network security using distributed coloring algorithms

It is found that hybrid versions of the algorithms incorporating multiple assignment strategies achieve better attack tolerance than any given assignment strategy, which shows that diversity must be introduced at all levels of system design, including any scheme that is used to introduce diversity itself.