Defeating denial-of-service attacks in a self-managing N-Variant system

Jessica Jones, Jason D. Hiser, Jack W. Davidson, Stephanie Forrest

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

N-variant systems protect software from attack by executing multiple variants of a single program in parallel, checking regularly that they are behaving consistently. The variants are designed to behave identically during normal operation and differently during an attack. When different behavior (divergence) is detected, N-variant systems self-heal by either rolling back to a safe state or restarting. Unfortunately, an attacker can create a denial-of-service (DoS) attack from a diverging input by using it to force an N-variant system into an endless diverge/restart cycle. This paper describes a defense, CRISPR-Inspired Program Resiliency (Crispy), that automatically protects N-variant systems from such DoS attacks. Crispy mitigates DoS attacks against N-variant systems using an automatic signature generation technique modeled on CRISPR/Cas, the bacterial adaptive immune system. Experiments on two webservers using exploits developed by an independent Red Team showed Crispy protected against 87.5% of DoS attacks with zero false positives. Overhead was minimal and varied according to the number of signatures maintained, which can be tailored to the threat model and performance requirements.

Original languageEnglish (US)
Title of host publicationProceedings - 2019 IEEE/ACM 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2019
PublisherIEEE Computer Society
Pages126-138
Number of pages13
ISBN (Electronic)9781728133683
DOIs
StatePublished - May 2019
Event14th IEEE/ACM International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2019 - Montreal, Canada
Duration: May 25 2019May 26 2019

Publication series

NameICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems
Volume2019-May
ISSN (Print)2157-2305
ISSN (Electronic)2156-7891

Conference

Conference14th IEEE/ACM International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2019
CountryCanada
CityMontreal
Period5/25/195/26/19

Keywords

  • adaptive systems
  • security
  • software systems

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Fingerprint Dive into the research topics of 'Defeating denial-of-service attacks in a self-managing N-Variant system'. Together they form a unique fingerprint.

  • Cite this

    Jones, J., Hiser, J. D., Davidson, J. W., & Forrest, S. (2019). Defeating denial-of-service attacks in a self-managing N-Variant system. In Proceedings - 2019 IEEE/ACM 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2019 (pp. 126-138). [8787016] (ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems; Vol. 2019-May). IEEE Computer Society. https://doi.org/10.1109/SEAMS.2019.00024