Software diversity: security, entropy and game theory

Authors:
Saran Neti;Anil Somayaji;Michael E. Locasto
Affiliations:
Carleton University;Carleton University;University of Calgary
Venue:
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Year:
2012

Citing 11
Cited 1

Heterogeneous networking: a new survivability paradigm

Proceedings of the 2001 workshop on New security paradigms
Dispersion games: general definitions and some specific learning results

Eighteenth national conference on Artificial intelligence
Building Diverse Computer Systems

HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Countering code-injection attacks with instruction-set randomization

Proceedings of the 10th ACM conference on Computer and communications security
Risks of monoculture

Communications of the ACM - Homeland security
On achieving software diversity for improved network security using distributed coloring algorithms

Proceedings of the 11th ACM conference on Computer and communications security
On the effectiveness of address-space randomization

Proceedings of the 11th ACM conference on Computer and communications security
Countering Network Worms Through Automatic Patch Generation

IEEE Security and Privacy
The N-Version Approach to Fault-Tolerant Software

IEEE Transactions on Software Engineering
Monoculture

IEEE Security and Privacy
Anomalous payload-based worm detection and signature generation

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Towards secure and dependable software-defined networks

Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although many have recognized the risks of software monocultures, it is not currently clear how much and what kind of diversity would be needed to address these risks. Here we attempt to provide insight into this issue using a simple model of hosts and vulnerabilities connected in a bipartite graph. We use this graph to compute diversity metrics as Renyi entropy and to formulate an anti-coordination game to understand why computer host owners would choose to diversify. Since security isn't the only factor considered when choosing software in the real world, we propose a slight variation of the popular security wargame Capture the Flag that can serve as a testbed for understanding the utility of diversity as a defense strategy.