Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

hp.com home

Technical Reports

printable version

HP Labs

» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» Worldwide sites
» Downloads
Content starts here

  Click here for full text: PDF

Towards Diversity of COTS Software Applications: Reducing Risks of Widespread Faults and Attacks

Casassa Mont, Marco; Baldwin, Adrian; Beres, Yolanta; Harrison, Keith; Sadler, Martin; Shiu, Simon


Keyword(s): COTS applications; diversity; faults; attacks; survivability; security; trust

Abstract: Recent IT attacks demonstrated how vulnerable consumers and enterprises are when adopting commercial and widely deployed operating systems, software applications and solutions. Diversity in software applications is fundamental to increase chances of survivability to faults and attacks. Current approaches to diversity are mainly based on the development of multiple versions of the same software, their parallel execution and the usage of voting mechanisms. Because of the high cost, they are used mainly for very critical and special cases. We introduce and discuss an alternative method to ensure diversity for common, widespread software applications without requiring additional computational resources. This method takes advantage of the componentisation of modern software solutions and enforces diversity at the installation time, by a random selection and deployment of critical software components. Randomisation criteria are adaptable to feedback gathered from software installations and affect software components' lifecycle. We describe a few encouraging results obtained from simulations.

15 Pages

Back to Index

»Technical Reports

» 2009
» 2008
» 2007
» 2006
» 2005
» 2004
» 2003
» 2002
» 2001
» 2000
» 1990 - 1999

Heritage Technical Reports

» Compaq & DEC Technical Reports
» Tandem Technical Reports
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.