Software Diversity for Improved Network Security: Optimal Distribution of Software-Based Shared Vulnerabilities
Publication type:
Article
Authors:
Temizkan, Orcun; Park, Sungjune; Saydam, Cem
Affiliations:
Ozyegin University; University of North Carolina; University of North Carolina Charlotte
Journal:
INFORMATION SYSTEMS RESEARCH
ISSN/ISBN:
1047-7047
DOI:
10.1287/isre.2017.0722
Publication date:
2017
Pages:
828-849
Keywords:
epidemic outbreaks
externalities
failures
vendors
risks
Abstract:
Firms, and other agencies, tend to adopt widely used software to gain economic benefits of scale, which can lead to a software monoculture. This can, in turn, involve the risk of correlated computer systems failure as all systems on the network are exposed to the same software-based vulnerabilities. Software diversity has been introduced as a strategy for disrupting such a monoculture and ultimately decreasing the risk of correlated failure. Nevertheless, common vulnerabilities can be shared by different software products. We thus expand software diversity research here and consider shared vulnerabilities between different software alternatives. We develop a combinatorial optimization model of software diversity on a network in an effort to identify the optimal software distribution that best improves network security. We also develop a simulation model of virus propagation based on the susceptible-infected-susceptible model. This model allows calculation of the epidemic threshold, a measure of network resilience to virus propagation. We then test the effectiveness of the proposed software diversity strategies against the spreading of viruses through a series of experiments.
Source URL: