Multitier Diversification in Web-Based Software Applications

@article{Allier2015MultitierDI,
  title={Multitier Diversification in Web-Based Software Applications},
  author={Simon Allier and Olivier Barais and B. Baudry and J. Bourcier and E. Daubert and F. Fleurey and Monperrus Martin and Hui Song and Maxime Tricoire},
  journal={IEEE Software},
  year={2015},
  volume={32},
  pages={83-90}
}
Web application development benefits massively from modular architectures and reuse. This excellent software engineering practice is also the source of a new form of monoculture in application-level code, which creates a potential risk for dependability. Researchers propose using software diversification in multiple components of Web applications to reconcile the tension between reuse and dependability. This article identifies key enablers for the effective diversification of software…
Automated design of multi-layered web information systems
TLDR
The methodology for MDWE is detailed, which is supported by automated design techniques strictly associated with use case patterns of type CRUD, which relies on iterations that are possible for execution with short time-scales.
Automatic Software Diversity in the Light of Test Suites
TLDR
The investigation of the influence of test suites on sosiefication exploits the following observation: test suites cover the different regions of programs in very unequal ways, and it is hypothesized that sosie synthesis has different performances on a statement that is covered by one hundred test cases and on a statement that is covered by a single test case.
The Multiple Facets of Software Diversity
TLDR
This survey includes classical work about design and data diversity for fault tolerance, as well as the cybersecurity literature that investigates randomization at different system levels, with an emphasis on the most recent advances in the field.
Quality and Web Software Engineering Advances
In this chapter, the main avant-garde components that favor quality on the web are disclosed, especially from the perspectives of software and design. At the same time, the deviations of these…
SAD : building software moving targets to prevent massive attacks on distributed applications Context and scope of the project
  • 2017
Don’t reinvent the wheel! All software developers adopt this motto and massively reuse code all over the software stack. For example, the Wordpress content management system is massively reused to…
TaLTaC 3.0. A Multi-level Web Platform for Textual Big Data in the Social Sciences
TLDR
The TaLTaC version 3.0 (from now on T3) has been redesigned to overcome limits, including recoding of all inner software components with modern web-related languages and standards and adoption of a new kind of database capable to handle corpora in the order of magnitude of gigabytes.
Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment
TLDR
The design of an academic master-level course aimed at DevOps is presented, based on earlier experiences in teaching DevOps-related topics, using the SWEBOK Guide and Bloom’s taxonomy to enhance the quality of the course design specification, and ease its assessment once delivered.
Internal interface diversification as a method against malware
TLDR
The three solutions implemented enhanced the multi-layer security of the testing environment with little to no cost on system performance and would be ideal for IoT devices and other smaller systems which rarely require updating, as well as restricted and static systems and critical systems with high-security requirements.
Active Customization-Oriented Adaptive SOA with Runtime Exception Handling
TLDR
Combination of theoretical research and empirical validation, the paper tries to provide a technical operational and cost-effective solution for SOA with adaptive mechanism and promoting the adaptive ability for runtime requirements evolution.
Runtime Exceptions Handling for Collaborative SOA Applications
TLDR
Combination of theoretical research and empirical validation is tried to provide a technical operational and cost-effective solution with collaborative mechanism and promoting SOA runtime adaptive ability for runtime requirements evolution and exception handling.

References

SHOWING 1-10 OF 23 REFERENCES
Security through Diversity: Leveraging Virtual Machine Technology
TLDR
Using Genesis, the authors demonstrated that diversity, when judiciously applied, is a practical and effective defense against two widely used types of attacks - return-to-libc and code injection.
Towards Model-Driven Provisioning, Deployment, Monitoring, and Adaptation of Multi-cloud Systems
TLDR
A classification of the state-of-the-art of cloud solutions is provided, and the need for model-driven engineering techniques and methods facilitating the specification of provisioning, deployment, monitoring, and adaptation concerns of multi-cloud systems at design-time and their enactment at run-time is argued.
SoK: Automated Software Diversity
TLDR
This paper systematically studies the state-of-the-art in software diversity and highlights fundamental trade-offs between fully automated approaches, including "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software.
Tailored source code transformations to synthesize computationally diverse program variants
TLDR
This work addresses two objectives: comparing different transformations for increasing the likelihood of sosie synthesis (densifying the search space for sosies); demonstrating computation diversity in synthesized sosies.
Automatically finding patches using genetic programming
TLDR
A fully automated method for locating and repairing bugs in software that works on off-the-shelf legacy applications and does not require formal specifications, program annotations or special coding practices is introduced.
The Superdiversifier: Peephole Individualization for Software Protection
TLDR
This work presents a new approach to individualize programs at the machine- and byte-code levels based on the compiler technique of superoptimization, which performs a brute-force search over all possible short instruction sequences to find minimum-size implementations of desired functions.
Building diverse computer systems
TLDR
Several methods of achieving software diversity are discussed based on randomizations that respect the specified behavior of the program, which could potentially increase the robustness of software systems with minimal impact on convenience, usability, and efficiency.
Which is riskier: OS diversity or OS monopoly?
TLDR
Diversity, when combined with redundancy, is a well-established approach to increasing the reliability of safety-critical systems, but that increasing diversity does not always improve reliability is obvious.
Protection of software-based survivability mechanisms
TLDR
A theoretical result is presented which shows that a precise analysis of the transformed program, in the general case, is NP-hard and the applicability of the techniques is demonstrated with empirical results.
Automated Software Diversity
Vulnerabilities in low-level systems software leave users exposed to malware, theft, and monitoring. Automatic software diversity makes weaponization of these vulnerabilities much harder. The premise…