Skip to main content

N-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications

Publication ,  Conference
Polinsky, I; Martin, K; Enck, W; Reiter, MK
Published in: CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
March 16, 2020

Web servers are a popular target for adversaries as they are publicly accessible and often vulnerable to compromise. Compromises can go unnoticed for months, if not years, and recovery often involves a complete system rebuild. In this paper, we propose n-m-Variant Systems, an adversarial-resistant software rejuvenation framework for cloud-based web applications. We improve the state-of-the-art by introducing a variable m that provides a knob for administrators to tune an environment to balance resource usage, performance overhead, and security guarantees. Using m, security guarantees can be tuned for seconds, minutes, days, or complete resistance. We design and implement an n-m-Variant System prototype to protect a Mediawiki PHP application serving dynamic content from an external SQL persistent storage. Our performance evaluation shows a throughput reduction of 65% for 108 seconds of resistance and 83% for 12 days of resistance to sophisticated adversaries, given appropriate resource allocation. Furthermore, we use theoretical analysis and simulation to characterize the impact of system parameters on resilience to adversaries. Through these efforts, our work demonstrates how properties of cloud-based servers can enhance the integrity of Web servers.

Duke Scholars

Published In

CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

DOI

Publication Date

March 16, 2020

Start / End Page

235 / 246
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Polinsky, I., Martin, K., Enck, W., & Reiter, M. K. (2020). N-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications. In CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (pp. 235–246). https://doi.org/10.1145/3374664.3375745
Polinsky, I., K. Martin, W. Enck, and M. K. Reiter. “N-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications.” In CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy, 235–46, 2020. https://doi.org/10.1145/3374664.3375745.
Polinsky I, Martin K, Enck W, Reiter MK. N-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications. In: CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. 2020. p. 235–46.
Polinsky, I., et al. “N-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications.” CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy, 2020, pp. 235–46. Scopus, doi:10.1145/3374664.3375745.
Polinsky I, Martin K, Enck W, Reiter MK. N-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications. CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. 2020. p. 235–246.

Published In

CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

DOI

Publication Date

March 16, 2020

Start / End Page

235 / 246