Strategic Study of CAE >> 2016, Volume 18, Issue 6 doi: 10.15302/J-SSCAE-2016.06.015
Applying a Combination of Mimic Defense and Software Diversity in the Software Security Industry
1. State Key Laboratory of Mathematical Engineering and Advanced Computing, The PLA Information Engineering University, Zhengzhou 450001, China;
2. National Digital Switching System Engineering & Technological R&D Center, The PLA Information Engineering University, Zhengzhou 450002, China
Next Previous
Abstract
With the development of the Internet, the process of computer software globalization continues to push forward. For widely used software, anidentical binary code is installed on millions of computers; sometimes even hundreds of millions. This makes widespread exploitation easy and attractive for an attacker because the same attack vector is likely to succeed on a large number of targets. Traditional software security methods can only counter the threat temporarily, and cannot eliminate essential vulnerabilities. This paper proposes a scheme of combining software diversity with mimic defense in the software security industry.
Keywords
software diversity ; mimic defense ; software security product
References
[ 1 ] China Internet Network Information Center. The 38th statistical report on Internet development in China [EB/OL]. (2016-08-03) [2016-10-08]. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwt-jbg/201608/t20160803_54392.htm. Chinese. link1
[ 2 ] Symantec Corporation. Internet security threat report 2016 [R/OL]. (2016-04-01) [2016-10-08]. link1
[ 3 ] Ni G N. The nature of information security: autonomous and con-trollable [J]. China Economy & Informatization, 2013 (5): 18–19. Chinese. link1
[ 4 ] Cohen F B. Operating system protection through program evolu-tion [J]. Computers & Security, 1993, 12 (6): 565–584. link1
[ 5 ] Wu J X. Meaning and vision of mimic computing and mimic secu-rity defense [J]. Telecommunications Science, 2014, 30 (7): 1–7. Chinese. link1
[ 6 ] Jackson T, Salamat B, Homescu A, et al. Compiler-generated software diversity [M]// Jajodia S, Ghosh A K, Swarup V, et al, ed-itors. Moving target defense: creating asymmetric uncertainty for cyber threats. New York: Springer, 2011: 77–98. link1
[ 7 ] Wu J X. Mimic security defense in cyber space [J]. Secrecy Sci-ence and Technology, 2014, 10 (1): 4–9. Chinese. link1