Use of diversity as a defense mechanism

Diversity, a concept suggestive of a composition of distinct or unlike elements or qualities, has served to mitigate error in modern computer systems for decades, going back at least as far as the 1971 JPL STAR (self testing and repairing) system, designed and built in the Spacecraft Computers Section of the Jet Propulsion Laboratory Astrionics Division [2]. In that context the concept of diversity was termed redundancy. In computer security, diversity is being contemplated as an approach toward mitigating security breaches, or what might be regarded as errors in security. The panel contemplates various issues regarding diversity and security, and this panelist in particular raises a number of questions whose answers may prove valuable at such time as they become available. Until then, perhaps these questions will serve to provoke thoughtful research directions.

[1] Robert S. Swarz, et al. Reliable Computer Systems: Design and Evaluation, 1992.

[2] Bev Littlewood, et al. Redundancy and Diversity in Security, 2004, ESORICS.

[3] Carl E. Landwehr, et al. Basic concepts and taxonomy of dependable and secure computing, 2004, IEEE Transactions on Dependable and Secure Computing.

[4] Algirdas Avizienis, et al. The STAR (Self-Testing And Repairing) Computer: An Investigation of the Theory and Practice of Fault-Tolerant Computer Design, 1971, IEEE Transactions on Computers.

[5] Eric Totel, et al. COTS Diversity Based Intrusion Detection and Application to Web Servers, 2005, RAID.

[6] Kymie M. C. Tan, et al. The effects of algorithmic diversity on anomaly detector performance, 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[7] Daniel P. Siewiorek, et al. Reliable Computer Systems: Design and Evaluation, Third Edition, 1998.

[8] J. Goldberg, et al. SIFT: Design and analysis of a fault-tolerant computer for aircraft control, 1978, Proceedings of the IEEE.

[9] James C. Reynolds, et al. On-line intrusion detection and attack prevention using diversity, generate-and-test, and generalization, 2003, Proceedings of the 36th Annual Hawaii International Conference on System Sciences.

[10] Jean-Claude Laprie, et al. Diversity against accidental and deliberate faults, 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No. 98EX358).