
Software Diversity for Improved Network Security: Optimal Distribution of Software-Based Shared Vulnerabilities

Authors

  • Orcun Temizkan (Faculty of Business, Ozyegin University, 34794 Cekmekoy, Istanbul, Turkey)
  • Sungjune Park (Belk College of Business, University of North Carolina at Charlotte, Charlotte, North Carolina 28223)
  • Cem Saydam (Belk College of Business, University of North Carolina at Charlotte, Charlotte, North Carolina 28223)

Abstract

Firms, and other agencies, tend to adopt widely used software to gain economic benefits of scale, which can lead to a software monoculture. This can, in turn, involve the risk of correlated computer systems failure as all systems on the network are exposed to the same software-based vulnerabilities. Software diversity has been introduced as a strategy for disrupting such a monoculture and ultimately decreasing the risk of correlated failure. Nevertheless, common vulnerabilities can be shared by different software products. We thus expand software diversity research here and consider shared vulnerabilities between different software alternatives. We develop a combinatorial optimization model of software diversity on a network in an effort to identify the optimal software distribution that best improves network security. We also develop a simulation model of virus propagation based on the susceptible-infected-susceptible model. This model allows calculation of the epidemic threshold, a measure of network resilience to virus propagation. We then test the effectiveness of the proposed software diversity strategies against the spreading of viruses through a series of experiments.

Suggested Citation

  • Orcun Temizkan & Sungjune Park & Cem Saydam, 2017. "Software Diversity for Improved Network Security: Optimal Distribution of Software-Based Shared Vulnerabilities," Information Systems Research, INFORMS, vol. 28(4), pages 828-849, December.
  • Handle: RePEc:inm:orisre:v:28:y:2017:i:4:p:828-849
    DOI: 10.1287/isre.2017.0722

    Download full text from publisher

    File URL: https://doi.org/10.1287/isre.2017.0722
    Download Restriction: no




    Cited by:

    1. Yong Wu & Junlin Duan & Tao Dai & Dong Cheng, 2020. "Managing Security Outsourcing in the Presence of Strategic Hackers," Decision Analysis, INFORMS, vol. 17(3), pages 235-259, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Namwoon Kim & Jin K. Han & Rajendra K. Srivastava, 2002. "A Dynamic IT Adoption Model for the SOHO Market: PC Generational Decisions with Technological Expectations," Management Science, INFORMS, vol. 48(2), pages 222-240, February.
    2. den Hartigh, E. & Langerak, F. & Commandeur, H.R., 2002. "The Effects of Self-Reinforcing Mechanisms on Firm Performance," ERIM Report Series Research in Management ERS-2002-46-MKT, Erasmus Research Institute of Management (ERIM), ERIM is the joint research institute of the Rotterdam School of Management, Erasmus University and the Erasmus School of Economics (ESE) at Erasmus University Rotterdam.
    3. Robert J. Kauffman & James McAndrews & Yu-Ming Wang, 2000. "Opening the “Black Box” of Network Externalities in Network Adoption," Information Systems Research, INFORMS, vol. 11(1), pages 61-82, March.
    4. Mak, Vincent & Zwick, Rami, 2010. "Investment decisions and coordination problems in a market with network externalities: An experimental study," Journal of Economic Behavior & Organization, Elsevier, vol. 76(3), pages 759-773, December.
    5. Kevin J. Boudreau & Lars Bo Jeppesen & Milan Miric, 2022. "Competing on freemium: Digital competition with network effects," Strategic Management Journal, Wiley Blackwell, vol. 43(7), pages 1374-1401, July.
    6. Sujoy Chakravarty, 2003. "Experimental Evidence on Product Adoption in the Presence of Network Externalities," Review of Industrial Organization, Springer;The Industrial Organization Society, vol. 23(3), pages 233-254, December.
    7. Haruvy, Ernan & Prasad, Ashutosh, 2005. "Freeware as a competitive deterrent," Information Economics and Policy, Elsevier, vol. 17(4), pages 513-534, October.
    8. Podoynitsyna, Ksenia & Song, Michael & van der Bij, Hans & Weggeman, Mathieu, 2013. "Improving new technology venture performance under direct and indirect network externality conditions," Journal of Business Venturing, Elsevier, vol. 28(2), pages 195-210.
    9. Fabio Manenti & Ernesto Somma, 2008. "One-Way Compatibility, Two-Way Compatibility and Entry in Network Industries," International Journal of the Economics of Business, Taylor & Francis Journals, vol. 15(3), pages 301-322.
    10. A. Bassanini & G. Dosi, 1998. "Competing Technologies, International Diffusion and the Rate of Convergence to a Stable Market Structure," Working Papers ir98012, International Institute for Applied Systems Analysis.
    11. Deishin Lee & Haim Mendelson, 2007. "Adoption of Information Technology Under Network Effects," Information Systems Research, INFORMS, vol. 18(4), pages 395-413, December.
    12. Oz Shy, 2011. "A Short Survey of Network Economics," Review of Industrial Organization, Springer;The Industrial Organization Society, vol. 38(2), pages 119-149, March.
    13. Liang Chen & Noman Shaheer & Jingtao Yi & Sali Li, 2019. "The international penetration of ibusiness firms: Network effects, liabilities of outsidership and country clout," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 50(2), pages 172-192, March.
    14. Daniel Birke, 2009. "The Economics Of Networks: A Survey Of The Empirical Literature," Journal of Economic Surveys, Wiley Blackwell, vol. 23(4), pages 762-793, September.
    15. Chou, Yen-Chun & Hao-Chun Chuang, Howard & Shao, Benjamin B.M., 2014. "The impacts of information technology on total factor productivity: A look at externalities and innovations," International Journal of Production Economics, Elsevier, vol. 158(C), pages 290-299.
    16. Joachim Henkel & Jörn Block, 2013. "Peer influence in network markets: a theoretical and empirical analysis," Journal of Evolutionary Economics, Springer, vol. 23(5), pages 925-953, November.
    17. Wei Jin & ZhongXiang Zhang, 2015. "Levelling the Playing Field: On the Missing Role of Network Externality in Designing Renewable Energy Technology Deployment Policies," Working Papers 2015.76, Fondazione Eni Enrico Mattei.
    18. van de Kaa, Geerten & Rezaei, Jafar & Kamp, Linda & de Winter, Allard, 2014. "Photovoltaic technology selection: A fuzzy MCDM approach," Renewable and Sustainable Energy Reviews, Elsevier, vol. 32(C), pages 662-670.
    19. Heli Koski & Tobias Kretschmer, 2004. "Survey on Competing in Network Industries: Firm Strategies, Market Outcomes, and Policy Implications," Journal of Industry, Competition and Trade, Springer, vol. 4(1), pages 5-31, March.
    20. Shim, Seonyoung & Lee, Byungtae & Kim, Sojung Lucia, 2018. "Rival precedence and open platform adoption: An empirical analysis," International Journal of Information Management, Elsevier, vol. 38(1), pages 217-231.
