K-Variant Architecture to Improve Security of Web Services and Applications

Abstract

The K-variant is a multi-variant architecture to improve security against memory exploitation attacks. Unlike other multi-execution architectures, variants in the K-variant architecture are generated by program transformations at the source code level. Because variant generation processes can be automated, the cost of systems has significantly decreased compared to similar architectures such as N-version. Multi-execution architectures were designated to improve the security of the mission and safety-critical systems. However, to meet the high-security requirements of organizations and companies, multi-execution architectures have been utilized to enhance the security of web services and applications. The increasing number of memory-related vulnerabilities in web servers and services makes systems vulnerable to memory exploitation attacks. The K-variant architecture can provide statistical security for memory exploitation attacks by providing a diversity of critical data in memory. In this paper, the design of a K-variant architecture for web services and applications is proposed. Also, different levels of diversities in K-variant systems are discussed in the implementation of the K-variant architecture.