usenix conference policies
Software Diversity: Security, Entropy and Game Theory
Saran Neti and Anil Somayaji, Carleton University; Michael E. Locasto, University of Calgary
Although many have recognized the risks of software monocultures, it is not currently clear how much and what kind of diversity would be needed to address these risks. Here we attempt to provide insight into this issue using a simple model of hosts and vulnerabilities connected in a bipartite graph. We use this graph to compute diversity metrics as Renyi entropy and to formulate an anti-coordination game to understand why computer host owners would choose to diversify. Since security isn’t the only factor considered when choosing software in the real world, we propose a slight variation of the popular security wargame Capture the Flag that can serve as a testbed for understanding the utility of diversity as a defense strategy.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
title = {Software Diversity: Security, Entropy and Game Theory},
booktitle = {7th USENIX Workshop on Hot Topics in Security (HotSec 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/hotsec12/workshop-program/presentation/Neti},
publisher = {USENIX Association},
month = aug
}
connect with us