Globally safe distributed software through multi-tier diversity

Informations

Funding country

France

Acronym

GDiv

URL

-

Start date

10/12/2015

End date

-

Budget

30,000 EUR

Fundings

Abstract

The objective of this project, called GDiv, is to setup a strong network of European partners around the core team composed of INRIA (coordinator) and SINTEF. This network will gather another academic partner and between 3 and 5 industry partners in the areas of software development and deployment. This network will be setup in order to prepare a project proposal for the call ICT10-2016 Software Technologies. I am currently coordinating a FET project (FP7 - DIVERSIFY), which brings together researchers from the domains of software-intensive distributed systems and ecology in order to translate ecological concepts and processes into software design principles. In particular, we investigate how the dynamics of biodiversity can be adapted to increase the diversity in software systems in order to increase their robustness against unpredictable environmental perturbations (bugs, hardware failures, attacks, network latency, etc.). This project has developed fundamental principles that are now ready for transfer into actual new software technology for the engineering of safe large-scale software systems. The main goal of GDiv is to setup a consortium, which gathers partners from industry and academia in the area of software technologies and that fits the LEIT-ICT spirit. From a research and innovation perspective, the project proposal setup by the GDiv network will address the risks of large scale software reuse through integrated, multi-level software diversification techniques. Software reuse is essential to build the large-scale software applications that pervade our daily lives. Yet, massive reuse has a darker side: it creates a monoculture of software applications and millions of clone programs around the world can be hacked in the same way. For example, Wordpress web sites have been the targets of an agressive hacking campaign in France, in the aftermath of the Charlie Hebdo attacks. Two factors favored this massive attack: (i) Wordpress is the dominating technology to build web sites (forming an applicative monoculture) and (ii) Wordpress developers introduced some rigidity in the code (e.g., ``hard-coded'' naming conventions), which favored the reconnaissance phase of these attacks. The project setup by the Gdiv network will aim at designing new software technologies to (i) automatically create large quantities of program variants that all provide similar functionality but implement diverse computation and (ii) integrate these variants in the deployment and maintenance processes. This kind of software diversity aims at reducing the risks of applicative software monoculture, while letting the developers benefit from code reuse.