| Too much singleness and homogeneity inside the computer network results in its frangibility. The attacker may make use of one vulnerability to conduct repeated attacks to many computer systems. The diversification is an effective way to handle the simple and continuous attacks. Based on the diversification of biology, with the aim of lessening and weakening the singleness and homogeneous characteristics of the present computer network, the thesis does some research to find effective methods for system security.The thesis regards the diversification as the key technology to improve the security of the network, including the diversification of network structure, network protocols and network nodes.For each type of the three diversification approaches, based on the introduction of the technical concept and related work, we have proposed effective implementing methods and validated their feasibility. As for the diversification of network structure, based on the systemic introduction of some implementing methods, we focus on the implementation of distributed coloring algorithm of network. With regard to the diversification of network protocols, we mainly provide the method of diversified routes. The thesis gives the achievable method of executable code as for the diversification of nodes.We focus on the diversified technology of network node and put forward self-perception and self-adaptation to achieve diversification. We aim to realize the security enhancement or remedy some unknown system holes by diversification without impairing the program reliability and efficiency. The thesis proposes a diversification method for executable code by reducing the vulnerability, whose feasibility and effectiveness are demonstrated by the experiments of worm containing and buffer overflow prevention..It is essential to use various diversification methods comprehensively and systematically for the computer system and network system security. This thesis proposes a systematic diversification model, which can diversify the computer system with the addition of new software modules of Collection, Analysis, Monitoring, Loading and Key Processing. The introduction of random elements and features makes the system behave differently according to the users or running environments, thus frustrating the attacks. Through the integration of various diversification methods, this model can achieve the security enhancement in terms network structure, network protocols and network nodes, and optimize the computer performance under certain circumstances as well. The performance improvement through diversification is demonstrated by the diversification optimized Buddy algorithm that contributes to the better performance of memory allocator.To sum up, our work indicates that the diversification introduced to the computer system is an effective way to improve its security. It is feasible both in theory and practice, and yields prominent effects. |
PDF Full Text Request