Introducing Diversity and Uncertainty to Create Moving Attack Surfaces for Web Services

Authors: Yih Huang, Anup K. Ghosh

DOI: 10.1007/978-1-4614-0977-9_8

Keywords: Server; Web service; Vulnerability (computing); Engineering; Virtual machine; Service (systems architecture); Computer security; Attack surface; Web application; Web server

Abstract: Web servers are primary targets for cyber attack because of the documents they may contain, the transactions they support, or the opportunity to cause brand damage or reputational embarrassment to the victim organization. Today most web services are implemented by employing a fixed software stack that includes a web server program, web application programs, an operating system, and a virtualization layer. This software mix as a whole constitutes the attack surface of the web service, and a vulnerability in any one of the components that make up the web service is a potential threat to the entire service. This chapter presents an approach that employs a rotational scheme for substituting different software stacks for any given request in order to create a dynamic and uncertain attack surface area of the system. In particular, our approach automatically creates a set of diverse virtual servers (VSs), each configured with a unique software mix, producing diversified attack surfaces. Our approach has offline VSs rotating in to replace online VSs on either a rotation schedule or an event-driven basis. Assuming N VSs, M < N of them will serve online at a time while off-line VSs are reverted to a predefined pristine state. By constantly changing the set of online VSs and introducing randomness in their selections, attackers face multiple, changing, unpredictable
