Diversity as a Defense Strategy in Information Systems
July 2001
Charles Bain, The MITRE Corporation
Donald Faatz, The MITRE Corporation
Amgad Fayad, The MITRE Corporation
Douglas Williams, The MITRE Corporation
ABSTRACT
One of the challenges facing computer systems is resisting attack and compromise in a networked environment. Today’s computing environment is fairly homogeneous, due to a relatively small number of operating systems and application functions running on the vast majority of computers. This environment allows attackers to focus their efforts on the few types of systems deployed. Once an exploit is found, the exploit is effective against a very large number of systems running the same software. The large number of attack methods available on hacker Web sites demonstrates the ease with which attackers can exploit this homogeneous environment. This paper examines several widespread computer attacks to understand the effect of diversity on maintaining the integrity, and hence survivability, of information systems.

Additional Search Keywords
security, survivability, diversity, intrusion and fault tolerance
|