Issue No. 02 - Mar.-Apr. (2014 vol. 12)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2013.129
Per Larsen , University of California, Irvine
Stefan Brunthaler , University of California, Irvine
Michael Franz , University of California, Irvine
Because most software attacks rely on predictable behavior on the target platform, mass distribution of identical software facilitates mass exploitation. Countermeasures include moving-target defenses in general and biologically inspired artificial software diversity in particular. Although the concept of software diversity has interested researchers for more than 20 years, technical obstacles prevented its widespread adoption until now. Massive-scale software diversity has become practical due to the Internet (enabling distribution of individualized software) and cloud computing (enabling the computational power to perform diversification). In this article, the authors take stock of the current state of software diversity research. The potential showstopper issues are mostly solved; the authors describe the remaining issues and point to a realistic adoption path.
Computer security, Program processors, Computer crime, Software architecture, Runtime environment, Memory management, Prediction methods, Internet,testing and debugging, system issues, software engineering, compilers, programming languages, error handling and recovery
Per Larsen, Stefan Brunthaler, Michael Franz, "Security through Diversity: Are We There Yet?", IEEE Security & Privacy, vol. 12, no. , pp. 28-35, Mar.-Apr. 2014, doi:10.1109/MSP.2013.129