Numerous software systems, particularly mission- and safety-critical systems, require a high level of security during their execution. Enhancing software security through architecture is a highly effective way of defending against cyberattacks. The N-version architecture was developed to increase the security of software systems: functionally equivalent versions of a program run concurrently to complete a mission or task. Each version is developed independently by a different team, with only the software specification in common, so each version is expected to contain its own, distinct vulnerabilities. Because developing and maintaining an N-version system is expensive, this architecture is typically used only in high-budget projects that require a high level of security. This thesis explains and analyzes the K-variant architecture, an alternative architecture for enhancing system security. In contrast to the N-version architecture, each variant is generated automatically using source-to-source program transformation techniques, and this automation significantly reduces the cost of developing variants.
The K-variant architecture can help protect systems from memory exploitation attacks. An attacker can employ various strategies against a K-variant system to increase the likelihood of a successful attack; several such strategies are proposed and investigated in this thesis. Furthermore, experimental studies are conducted to investigate various defense mechanisms against the proposed attack strategies. The effectiveness of each defense mechanism against each attack strategy is evaluated using the probability of an unsuccessful attack as the metric. Additionally, various source-code program transformation techniques for generating new variants in the K-variant architecture are proposed and investigated experimentally.
This thesis also describes a machine learning technique for estimating the survivability of K-variant systems under various attack types and defense strategies. To make the design of K-variant systems easier, a neural network model is proposed. With the developed tool, which uses this neural network model, fast and accurate predictions of the survivability of K-variant systems can be obtained.
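The abstract above describes the K-variant idea (automatically generated variants that differ in memory layout, so one overflow payload cannot hit all of them) and its evaluation metric (the probability of an unsuccessful attack), but not the concrete model the thesis uses. The following Python simulation is an added illustration written for this page; it is not code from the thesis and its model is an assumption: a hypothetical source-to-source transformation that inserts random padding between a fixed-size buffer and a sensitive variable, a runtime that treats divergent variant behaviour as a detected attack, and two simplified attacker strategies (a blind layout guess, and a guess taken from one leaked variant). The constants and function names are constructed for the example.

```python
import random

# Constructed model parameters (assumptions, not values from the thesis).
BUFFER_SIZE = 64   # bytes in the overflowable buffer
MAX_PAD = 256      # maximum padding the transformation may insert
PAD_STEP = 8       # padding is inserted in 8-byte steps
NUM_LAYOUTS = MAX_PAD // PAD_STEP + 1  # number of distinct variant layouts (33)


def generate_variant(rng):
    """Hypothetical source-to-source transformation: return the offset of the
    sensitive variable in a new variant. Random padding makes the offset differ
    between variants, which is what gives the K-variant system its diversity."""
    pad = rng.randrange(0, MAX_PAD + 1, PAD_STEP)
    return BUFFER_SIZE + pad


def attack_hits(variant_offset, payload_offset):
    """An overflow payload corrupts the sensitive variable only if the write it
    performs lands exactly on that variable's offset in this variant."""
    return variant_offset == payload_offset


def k_variant_survives(offsets, payload_offset):
    """Assumption: the runtime runs all K variants on the same input and compares
    their behaviour. If at least one variant is not corrupted, the variants
    diverge, the attack is detected, and the system survives. The attack
    succeeds only when every variant is corrupted identically."""
    return not all(attack_hits(o, payload_offset) for o in offsets)


def choose_payload_offset(rng, offsets, strategy):
    """Two simplified attacker strategies (assumptions for the example):
    'blind'    - the attacker guesses a layout uniformly at random;
    'leak_one' - the attacker learned the layout of one variant and uses it."""
    if strategy == "blind":
        return generate_variant(rng)
    if strategy == "leak_one":
        return offsets[0]
    raise ValueError(f"unknown strategy: {strategy}")


def estimate_unsuccessful_attack_probability(k, trials, strategy="blind", seed=0):
    """Monte Carlo estimate of the metric named in the abstract: the fraction of
    attacks that fail against a freshly generated K-variant system."""
    rng = random.Random(seed)
    survived = 0
    for _ in range(trials):
        offsets = [generate_variant(rng) for _ in range(k)]
        payload_offset = choose_payload_offset(rng, offsets, strategy)
        if k_variant_survives(offsets, payload_offset):
            survived += 1
    return survived / trials


def analytic_unsuccessful_attack_probability(k, strategy="blind"):
    """Closed form for the same model, used to sanity-check the simulation.
    Blind: all K variants must match one random guess -> success (1/n)^K.
    Leak of one variant: the other K-1 must match it -> success (1/n)^(K-1)."""
    if strategy == "blind":
        return 1.0 - (1.0 / NUM_LAYOUTS) ** k
    if strategy == "leak_one":
        return 1.0 - (1.0 / NUM_LAYOUTS) ** (k - 1)
    raise ValueError(f"unknown strategy: {strategy}")


if __name__ == "__main__":
    for strategy in ("blind", "leak_one"):
        for k in (1, 2, 3):
            est = estimate_unsuccessful_attack_probability(k, 20000, strategy)
            exact = analytic_unsuccessful_attack_probability(k, strategy)
            print(f"{strategy:9s} K={k}: simulated {est:.4f}, analytic {exact:.4f}")
```

Running the block prints the simulated and closed-form probability of an unsuccessful attack for K = 1, 2, 3 under both attacker strategies. Two points the abstract states become visible in the numbers: a single leaked variant makes a K = 1 system fall every time, while adding independent variants raises survivability quickly, and the metric depends on the attacker's strategy, which is why the thesis evaluates each defense against each strategy separately.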