Survivability Analysis of K-variant Architecture for Different Memory Attacks and Defense Strategies

Abstract

Many systems require high security during a limited operational timeframe. These systems can be exposed to many attacks that prevent tasks from being completed. To reduce the chances of a successful attack and increase the security of these systems, many fault tolerance architectures and defense strategies have been developed. N-version architecture is one technique to improve reliability and security. In this architecture, functionally equivalent variants of a program are developed and executed concurrently. However, due to the high cost of developing and maintaining N versions, it is used for large budget projects. In this paper, an alternative approach to improve security is K-variant architecture. By applying safe and automated program transformations, functionally equivalent variants of the original program are generated. The goal is to shift vulnerabilities in variants into different locations. These variants are executed simultaneously to complete a task so that the chance of a successful exploitation attack is decreased. In this paper, several types of memory exploitation attacks are analyzed along with the proposed four defense strategies. The experimental study investigates the effectiveness of defense strategies against these attacks. The results suggest that K-variant architecture with the proposed defense strategies may significantly improve the security of systems.