K-Variant Architecture: A Multi-Variant Approach to Enhance Security Against Memory Exploitation Attacks for Web Services and Applications.
Keywords:
K-Variant Architecture, program transformations, memory exploitation attacks, critical data diversification, web services, object-oriented design
Abstract
The K-Variant Architecture is proposed as a cost-effective approach for enhancing the security of web services and applications against memory exploitation attacks. Memory-related vulnerabilities continue to be a major concern, even for web services implemented in memory-safe languages. To address this, the K-Variant Architecture uses source-code-level program transformations to generate variants, providing statistical security against memory exploitation attacks through critical data diversification in memory. Unlike the N-version architecture, which is limited to mission- and safety-critical systems due to its high cost and difficulties in verifying versions, the K-Variant Architecture offers a low-cost alternative with diversity in critical data to improve system security against memory exploitation attacks.
This paper presents the high-level design of the K-Variant Architecture, program transformation techniques, and implementation details for web services and applications. The proposed K-Variant Architecture is demonstrated as an object-oriented design utilizing three classes, namely Client, ServiceDirectory, and EngineMotor, to provide critical data diversification in memory for web services. The program transformation techniques used in the K-Variant Architecture and their suitability for web services are also discussed. The overall architecture's implementation details are provided, including the use of various program transformations, the deployment of variants on different operating systems, and the compilation of variants depending on the programming language.
In conclusion, the K-Variant Architecture is proposed as a cost-effective approach for improving the security of web services and applications against memory exploitation attacks. The proposed architecture provides critical data diversification in memory, improving the system's survivability against memory exploitation attacks. The use of safe and automated program transformations in the generation of variants makes system development cost-effective.