Multi-tier diversification in Web-based software applications

by Simon Allier, Olivier Barais, Benoit Baudry, Johann Bourcier, Erwan Daubert, Franck Fleurey, Martin Monperrus, Hui Song, Maxime Tricoire
Abstract:
The development of web applications massively benefits from modular architectures and reuse. This excellent software engineering practice is also the source of a new form of monoculture in application-level code, which creates a potential risk for dependability. We propose using software diversification in multiple components of web applications to reconcile the tension between reuse and dependability. We identify key enablers for the effective diversification of software, especially at the application-code level. Our vision is that it is possible to combine different software diversification strategies, from the deployment of different vendor solutions to fine-grained code transformations, in order to provide different forms of protection.
Reference:
Multi-tier diversification in Web-based software applications (Simon Allier, Olivier Barais, Benoit Baudry, Johann Bourcier, Erwan Daubert, Franck Fleurey, Martin Monperrus, Hui Song, Maxime Tricoire), In IEEE Software, volume 32, 2015.
Bibtex Entry:
@article{allier15,
  keywords = {diversity, web, selected, software diversity, software monoculture, web applications, security, dependability},
  title = {Multi-tier diversification in Web-based software applications},
  author = {Allier, Simon and Barais, Olivier and Baudry, Benoit and Bourcier, Johann and Daubert, Erwan and Fleurey, Franck and Monperrus, Martin and Song, Hui and Tricoire, Maxime},
  journal = {IEEE Software},
  volume = {32},
  number = {1},
  year = {2015},
  pages = {83--90},
  X-International-Audience = {yes},
  X-Language = {EN},
  x-abbrv = {Software},
  url = {https://hal.archives-ouvertes.fr/hal-01089268/document},
  abstract = {The development of web applications massively benefits from modular architectures and reuse. This excellent software engineering practice is also the source of a new form of monoculture in application-level code, which creates a potential risk for dependability.
  We propose using software diversification in multiple components of web applications to reconcile the tension between reuse and dependability. We identify key enablers for the effective diversification of software, especially at the application-code level. Our vision is that it is possible to combine different software diversification strategies, from the deployment of different vendor solutions to fine-grained code transformations, in order to provide different forms of protection.
  }
}