Immunix: Survivability Through Specialization
In large-scale systems such as the Internet, the means to exploit security flaws can be readily distributed, exposing a large number of systems to vulnerability. This problem is aggravated if system implementations are both fixed and widely distributed. For instance, the fact that sendmail 8.7.5 has a particular vulnerability [1] can be used by numerous intruders to attack many systems. These attacks have dire consequences, because many sites are running the same code, with the same flaws. The main objective of the Immunix Project is to use specialization techniques and toolkit developed in the Synthetix project [3] to improve the survivability of operating system (OS) kernels. The key idea is to use the specialization toolkit to generate a large number of correct variants of many OS modules, so some of the variants will be resistant to new, previously unknown attacks. If there are a sufficient number of variant implementations, then no single attack will be able to break into all nodes. Varying system implementation through specialization provides two important forms of defense against intrusion. First, permutating the system implementation makes it harder for intruders to exploit specific implementation flaws. Even if permutation just replaces one set of implementation flaws with another set of flaws, intruders cannot exploit these flaws if they do not know what flaws to look for. Second, adaptation provides the opportunity to respond to attack. Services that are convenient, but vulnerable to attack, can be narrowed or closed. Services that previously
[1] Calton Pu, et al. Adaptive methods for distributed video presentation, 1995, CSUR.
[2] Calton Pu, et al. A Specialization Toolkit to Increase the Diversity of Operating Systems, 1996.
[3] Calton Pu, et al. Optimistic incremental specialization: streamlining a commercial operating system, 1995, SOSP.