The Monoculture Risk Put into Context
作者: Kenneth P. Birman , Fred B. Schneider
DOI: 10.1109/MSP.2009.24
关键词:
摘要: Conventional wisdom holds that software monocultures are exceptionally vulnerable to malware outbreaks. The authors argue this oversimplifies and misleads. An analysis based on attacker reactions suggests deploying a monoculture in conjunction with automated diversity is indeed very sensible defense.
ieeecomputersociety.org参考文章(10)
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar, Address obfuscation: an efficient approach to combat a board range of memory error exploits usenix security symposium. pp. 8- 8 ,(2003)
Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh, On the effectiveness of address-space randomization computer and communications security. pp. 298- 307 ,(2004) , 10.1145/1030083.1030124
Gaurav S. Kc, Angelos D. Keromytis, Vassilis Prevelakis, Countering code-injection attacks with instruction-set randomization computer and communications security. pp. 272- 280 ,(2003) , 10.1145/948109.948146
Ana Nora Sovarel, Nathanael Paul, David Evans, Where's the FEEB? the effectiveness of instruction set randomization usenix security symposium. pp. 10- 10 ,(2005)
Jun Xu, Z. Kalbarczyk, R.K. Iyer, Transparent runtime randomization for security symposium on reliable distributed systems. pp. 260- 269 ,(2003) , 10.1109/RELDIS.2003.1238076
S. Forrest, A. Somayaji, D.H. Ackley, Building diverse computer systems Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133). pp. 67- 72 ,(1997) , 10.1109/HOTOS.1997.595185
Emery D. Berger, Benjamin G. Zorn, DieHard ACM SIGPLAN Notices. ,vol. 41, pp. 158- 168 ,(2006) , 10.1145/1133255.1134000
David A. Patterson, Archana Ganapathi, David Oppenheimer, Why Do Internet Services Fail, and What Can Be Done About It? usenix symposium on internet technologies and systems. pp. 1- 1 ,(2002)
Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Darko Stefanović, Randomized instruction set emulation ACM Transactions on Information and System Security. ,vol. 8, pp. 3- 40 ,(2005) , 10.1145/1053283.1053286
Elena Gabriela Barrantes, David H Ackley, Stephanie Forrest, Trek S Palmer, Darko Stefanovic, Dino Dai Zovi, Randomized instruction set emulation to disrupt binary code injection attacks computer and communications security. pp. 281- 289 ,(2003) , 10.1145/948109.948147