Multitier Diversification in Web-Based Software Applications

Authors: Simon Allier, Olivier Barais, Benoît Baudry, Johann Bourcier, Erwan Daubert, Franck Fleurey, Monperrus Martin, Hui Song, Maxime Tricoire
Journal: IEEE Software

Web application development benefits massively from modular architectures and reuse. This excellent software engineering practice is also the source of a new form of monoculture in application-level code, which creates a potential risk for dependability. Researchers propose using software diversification in multiple components of Web applications to reconcile the tension between reuse and dependability. This article identifies key enablers for the effective diversification of software…

A Framework for Multi-Variant Execution Environment

This paper proposes a framework for a multi-variant execution environment (MVEE) to enhance the security of software systems and addresses different aspects of implementing an MVEE.

Automatic Software Diversity in the Light of Test Suites

The investigation of the influence of test suites on sosiefication exploits the following observation: test suites cover the different regions of programs in very unequal ways, and it is hypothesized that sosie synthesis performs differently on a statement that is covered by one hundred test cases and on a statement that is covered by a single test case.

The Multiple Facets of Software Diversity

This survey includes classical work about design and data diversity for fault tolerance, as well as the cybersecurity literature that investigates randomization at different system levels, with an emphasis on the most recent advances in the field.

SAD : building software moving targets to prevent massive attacks on distributed applications Context and scope of the project

  • Computer Science
  • 2017
The main objective of this SAD project is to build a platform to automatically synthesize massive quantities of variants of client-server software components, to create a moving target against the large scale exploitation of vulnerabilities.

TaLTaC 3.0. A Multi-level Web Platform for Textual Big Data in the Social Sciences

TaLTaC version 3.0 (from now on T3) has been redesigned to overcome limits, including recoding of all inner software components with modern web-related languages and standards and adoption of a new kind of database capable of handling corpora in the order of magnitude of gigabytes.

Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment

The design of an academic master-level course aimed at DevOps is presented, based on earlier experiences in teaching DevOps-related topics, using the SWEBOK Guide and Bloom’s taxonomy to enhance the quality of the course design specification, and ease its assessment once delivered.

Internal interface diversification as a method against malware

The three solutions implemented enhanced the multi-layer security of the testing environment with little to no cost on system performance and would be ideal for IoT devices and other smaller systems which rarely require updating, as well as restricted and static systems and critical systems with high-security requirements.

Active Customization-Oriented Adaptive SOA with Runtime Exception Handling

Combining theoretical research and empirical validation, the paper tries to provide a technical, operational and cost-effective solution for SOA with an adaptive mechanism, promoting the adaptive ability for runtime requirements evolution.

Runtime Exceptions Handling for Collaborative SOA Applications

Combining theoretical research and empirical validation, the paper tries to provide a technical, operational and cost-effective solution with a collaborative mechanism, promoting SOA runtime adaptive ability for runtime requirements evolution and exception handling.



Security through Diversity: Leveraging Virtual Machine Technology

Using Genesis, the authors demonstrated that diversity, when judiciously applied, is a practical and effective defense against two widely used types of attacks - return-to-libc and code injection.

Towards Model-Driven Provisioning, Deployment, Monitoring, and Adaptation of Multi-cloud Systems

A classification of the state-of-the-art of cloud solutions is provided, and the need for model-driven engineering techniques and methods facilitating the specification of provisioning, deployment, monitoring, and adaptation concerns of multi-cloud systems at design-time and their enactment at run-time is argued.

SoK: Automated Software Diversity

This paper systematically studies the state of the art in software diversity and highlights fundamental trade-offs between fully automated approaches, including "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software.

Tailored source code transformations to synthesize computationally diverse program variants

This work addresses two objectives: comparing different transformations for increasing the likelihood of sosie synthesis (densifying the search space for sosies); demonstrating computation diversity in synthesized sosies.

Automatically finding patches using genetic programming

A fully automated method for locating and repairing bugs in software that works on off-the-shelf legacy applications and does not require formal specifications, program annotations or special coding practices is introduced.

The Superdiversifier: Peephole Individualization for Software Protection

This work presents a new approach to individualize programs at the machine- and byte-code levels based on the compiler technique of superoptimization, which performs a brute-force search over all possible short instruction sequences to find minimum-size implementations of desired functions.

Building diverse computer systems

Several methods of achieving software diversity are discussed based on randomizations that respect the specified behavior of the program, which could potentially increase the robustness of software systems with minimal impact on convenience, usability, and efficiency.

Automated Software Diversity

Vulnerabilities in low-level systems software leave users exposed to malware, theft, and monitoring. Automatic software diversity makes weaponization of these vulnerabilities much harder. The premise

Risks of monoculture

The W32/Blaster worm burst onto the Internet scene in August of 2003. By exploiting a buffer overflow in Windows, the worm was able to infect more than 1.4 million systems worldwide in less than a

Quality of service profiling

The experimental results from applying the implemented quality of service profiler to a challenging set of benchmark applications show that it can enable developers to identify promising optimization opportunities and deliver successful optimizations that substantially increase the performance with only small quality of service losses.