The deployment of monoculture software stacks can have devastating consequences because a single attack can compromise all of the vulnerable computers in cyberspace. This one-vulnerability-affects-all phenomenon will continue until after software stacks are diversified, which is well recognized by the research community. However, existing studies mainly focused on investigating the effectiveness of software diversity at the building-block level (e.g., whether two independent implementations indeed exhibit independent vulnerabilities); the effectiveness of enforcing network-wide software diversity is little understood, despite its importance in possibly helping justify investment in software diversification. As a first step towards ultimately tackling this problem, we propose a systematic framework for modeling and quantifying the cybersecurity effectiveness of network diversity, including a suite of cybersecurity metrics. We also present an agent-based simulation to empirically demonstrate the usefulness of the framework. We draw a number of insights, including the surprising result that proactive diversity is effective under very special circumstances, but reactive-adaptive diversity is much more effective in most cases.
翻译:单种软件堆放的部署可能产生灾难性后果,因为单种攻击会损害网络空间中所有脆弱的计算机。这种一脆弱、影响全方位的现象将持续到软件堆放多样化之后,研究界对此十分承认。然而,现有研究主要侧重于调查建筑区块一级软件多样性的有效性(例如,两个独立的实施是否确实表现出独立的弱点);尽管在帮助为软件多样化投资提供理由方面非常重要,但实施全网络软件多样性的有效性却鲜为人知。作为最终解决这一问题的第一步,我们提出了一个系统框架,用于网络多样性网络网络网络安全效力的建模和量化,包括一套网络安全指标。我们还以代理为基础进行模拟,实证地展示了框架的实用性。我们引出了一些深刻见解,包括一些令人惊讶的结果,即积极主动的多样性在非常特殊的情况下是有效的,但在大多数情况下,反应适应性多样性的效果要大得多。