Systematic generation of stochastic diversity as an intrusion barrier in survivable systems software

Survivable systems software must exhibit high resistance to intrusion. A process of stochastic diversification can help increase resistance to intrusion through random obscuration of survivable system properties. Intruders often rely on analysis of source code to identify and exploit vulnerability in software. The ability of intruders to understand and analyze code can be dramatically reduced through a process of stochastic unstructuring to increase software complexity as an intrusion barrier while preserving function and performance. The constructive proof of the Structure Theorem was originally applied as a systematic process for transforming complex, unstructured programs into function-equivalent structured form for improved understandability and maintenance. This process can be reversed to systematically introduce stochastic diversity by transforming structured programs into function-equivalent unstructured programs of arbitrary complexity that are virtually impossible to understand.

[1]  Nancy R. Mead,et al.  Survivable Network Systems: An Emerging Discipline , 1997 .

[2]  Jesse H. Poore,et al.  Cleanroom Software Engineering: A Reader , 1996 .

[3]  Alan R. Hevner,et al.  Principles of Information Systems Analysis and Design , 1986 .

[4]  James A. Whittaker,et al.  A Markov Chain Model for Statistical Software Testing , 1994, IEEE Trans. Software Eng..

[5]  Nancy R. Mead,et al.  Requirements definition for survivable network systems , 1998, Proceedings of IEEE International Symposium on Requirements Engineering: RE '98.

[6]  Harlan D. Mills,et al.  Structured programming - theory and practice , 1979, The systems programming series.

[7]  J. Nunamaker,et al.  Proceedings of the 32nd Hawaii International Conference on System Sciences , 1999 .

[8]  Richard C. Linger Software maintenance as an engineering discipline , 1988, Proceedings. Conference on Software Maintenance, 1988..

[9]  Harlan D. Mills Certifying the correctness of software , 1992, Proceedings of the Twenty-Fifth Hawaii International Conference on System Sciences.

[10]  Alan R. Hevner,et al.  Using function abstraction to understand program behavior , 1990, IEEE Software.