Genesis
Genesis: A Framework for Achieving Component Diversity
Research Summary
We seek to reproduce the genetic diversity found in nature by deliberately and systematically introducing diversity in software components. The hope is that while the phenotype of software components (their functional behavior) will be similar, their genotype will contain enough variation to protect the population against a broad class of diseases (attacks, aging).
As our engine of software diversity, we will use a systematic and comprehensive methodology based on two fundamental and complementary approaches: design diversity and data diversity. Design diversity is the creation of multiple implementations of a given specification such that the different implementations have different designs. Data diversity is the use of multiple copies of a single implementation with each copy operating on different input data but yielding the same desired results. In data diversity, the different data streams are produced by a process known as data re-expression. Each diversity approach will be applied systematically at multiple levels of software representation to produce a spectrum of techniques for the creation of diverse software components.
People
Principal Investigator
John Knight (University of Virginia)
Co-Investigators
- Jack Davidson (University of Virginia)
- David Evans (University of Virginia)
- Anh Nguyen-Tuong (University of Virginia)
- Chenxi Wang (Carnegie Mellon University)
Research Staff
- Adrian Filipi
- Jonathan Rowanhill
Graduate Students
- Benjamin Cox
- Michael Crane
- Wei Hu
- Jeffrey Shirley
- Ana Nora Sovarel
- Dan Williams
In The News
Salon. Computer, heal thyself, 12 July 2004. (Original Article, Archive Copy)
Information Security Magazine. BIOLOGY: Back to Nature?. July 2004. (Original Article, Archive Copy)
Defense Aerospace. DARPA Selects Contractors for Self-Regenerative Systems Program. April 15, 2004. (Original Article, Archive Copy)
Papers
Secure and Practical Defense Against Code-injection Attacks using Software Dynamic Translation. Wei Hu, Jason Hiser, Dan Williams, Adrian Filipi, Jack W. Davidson, David Evans, John C. Knight, Anh Nguyen-Tuong, Jonathan Rowanhill. To appear in Virtual Execution Environments Conference, June 2006 (PDF, HTML)
Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Ana Nora Sovarel, David Evans and Nathanael Paul. 14th USENIX Security Symposium. Baltimore, MD. August 2005. (PDF, HTML, 16 pages)
Automatically Hardening Web Applications Using Precise Tainting. Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans. Twentieth IFIP International Information Security Conference (SEC 2005). 30 May - 1 June 2005, Chiba, Japan. (PDF, 12 pages)
.NET Security: Lessons Learned and Missed from Java. Nathanael Paul and David Evans. Twentieth Annual Computer Security Applications Conference (ACSAC 2004). December 6-10, 2004, Tucson, Arizona. (PDF, 10 pages)
Localization for Mobile Sensor Networks. Lingxuan Hu and David Evans. To appear in Tenth Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2004). 26 September - 1 October 2004. (PDF, 13 pages)
Talks
Processes: N-Variant Systems for Secretless Security (David Evans). DARPA SRS PIs Meeting, Alexandria, VA. 12 July 2005.
Stealing Secrets and Secretless Security Structures (PPT) (David Evans). Colloquium at Harvard University. 27 June 2005.
Security Through Diversity (PPT) (David Evans). Colloquium at MIT CSAIL. 23 June 2005.
Automatically Hardening Web Applications Using Precise Tainting (PPT) (Salvatore Guarnieri). Twentieth IFIP International Information Security Conference (SEC 2005). 30 May - 1 June 2005, Chiba, Japan.
Where's the FEEB?: The Effectiveness of Instruction Set Randomization (PPT) (David Evans). Invited CERIAS Seminar at Purdue University, Indiana. 9 March 2005.
What Biology Can (and Can't) Teach Us About Security (PPT, PDF) (David Evans). Invited talk at USENIX Security Symposium, San Diego, August 12, 2004.
GENESIS: A Framework for Achieving Component Diversity (PPT) (John Knight). DARPA SRS PI's Kickoff Meeting, Arlington, Virginia, 20 July 2004.
Related Projects by the PIs
- IPA — Inexpensive Program Analysis
- Physicrypt — Physical Cryptography and Security Group
- STILT — System for Terrorism Intervention and Large-Scale Teamwork
- Swarm Computing
- Willow Survivability Architecture
- Zephyr
- N-Variant Systems Framework - N-Variant Systems Framework and Secretless Security
Funding
Our research is funded by DARPA's Self-Regenerative Systems (SRS) program.