Validating and Attacking Distributed Software Diversity
The field of viral propagation modeling has garnered a great deal of attention in recent years as computer security researchers attempt to find ways of mitigating rapid malcode propagation. A variety of techniques have been suggested which can delay the spread of a worm, including rate-limiting network cards, targeted immunization of highly connected nodes and a combination of address blacklisting and content filtering. In complementary work, researchers have been focusing on the software monoculture on the Internet and its relationship to viral epidemics. The value of software diversity to computer security comes from the fact that an attack written for one piece of software rarely works for a different but functionally equivalent software package. By increasing the number of diverse software packages present on the network, the research argues, the chances that an attack will be effective against a randomly selected node will decrease. The research literature in software diversity suggests that the introduction of different software packages is an effective method of disrupting the activities of an attacker or a worm, particularly one which repeatedly utilizes a pre-written and unchanging attack to compromise machines. However, there have been no quantitative evaluations of the impact of software diversity on malcode propagation in real network topologies. These technologies serve as an effective method for preventing worm epidemics.
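To make the diversity argument concrete, the following added example (not code from the paper) simulates a worm carrying one unchanging exploit on a constructed network in which each node runs one of k functionally equivalent packages. The topology, the function names, and the assumption that the worm spreads only between adjacent vulnerable nodes are illustrative choices, not taken from the source.

```python
import random
from collections import deque

def build_network(n, extra_edges, rng):
    """Constructed topology: a ring (guarantees connectivity) plus random chords."""
    adj = {i: set() for i in range(n)}
    for i in range(n):
        j = (i + 1) % n
        adj[i].add(j)
        adj[j].add(i)
    for _ in range(extra_edges):
        a, b = rng.sample(range(n), 2)
        adj[a].add(b)
        adj[b].add(a)
    return adj

def assign_variants(n, k, rng):
    """Give every node one of k equivalent packages, split evenly at random."""
    variants = [i % k for i in range(n)]
    rng.shuffle(variants)
    return variants

def spread(adj, variants, target_variant=0):
    """Worm with a single fixed exploit: only nodes running target_variant fall.

    Assumption: infection moves hop by hop, so a node running another
    package neither gets infected nor relays the worm.
    """
    start = next(v for v in adj if variants[v] == target_variant)
    infected, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nb in adj[node]:
            if nb not in infected and variants[nb] == target_variant:
                infected.add(nb)
                queue.append(nb)
    return infected

def infected_fraction(n, k, extra_edges=400, seed=1):
    """Fraction of the whole network compromised when k packages are deployed."""
    rng = random.Random(seed)
    adj = build_network(n, extra_edges, rng)
    variants = assign_variants(n, k, rng)
    return len(spread(adj, variants)) / n

if __name__ == "__main__":
    for k in (1, 2, 4, 8):
        print(f"k={k}: infected fraction {infected_fraction(400, k):.3f}")
```

With k=1 the monoculture is fully compromised; for larger k the infected fraction is bounded by 1/k and can fall well below it, because the vulnerable nodes no longer form one connected subgraph.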