Software Diversity for Improved Network Security: Optimal Distribution of Software-Based Shared Vulnerabilities

Published Online: https://doi.org/10.1287/isre.2017.0722
