Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Crispin Cowan <crispin () immunix com>
Date: Sun, 17 Aug 2003 15:42:07 -0700
Shaun Clowes wrote:
That is a commonly held view, but I would not say it is widely accepted. I certainly don't accept it.I think it's generally accepted that homogenity breeds insecurity, in which case it makes sense to try to be as different from everyone else as possible even if that doesn't make it impossible for someone to break you.
Heterogeneity increases survivability of the *species*, but does little to protect the individual. A site manager seeking to protect their own servers cares little if an attack that takes them down doesn't take down their competitors. In fact, it's kind of bad if heterogeneity means that you go down and your competitors don't. At most, you could say that running the most common system makes you somewhat more vulnerable to attack, and you should take that into consideration when planning your security.
So heterogeneity is really just security by obscurity, dressed up to sound pretty. It also comes at a cost: in direct proportion to the security benefits of running an obscure system is elevated operational costs due to incompatibilities induced by your diversity. Exactly what those incompatibility costs are varies according to the ways in which you diverge from others. For that matter, so do the security benefits vary according to what aspects of your system you diversified.
So before spending a bucket of $ on contrived diversity, consider spending that $ on actual security mechanisms: you will get a much more predictable ROI.
Caveat: there is a gray spectrum between natural diversity (Windows vs. Linux vs. BSD) and synthetic diversity (PAX/ASLR, PointGuard). The former are diverse, but the ways in which they are divers are rigidly fixed aspects of system architecture, and cannot be changed. The latter use cryptographically secure random numbers (to the extent possible) to provide per-instance diversity that is readily changed, much like crypto session keys. Cryptography itself is just a form of obscurity, albeit with some very important properties surrounding key management.
Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
Current thread:
- Re: Buffer overflow prevention, (continued)
- Re: Buffer overflow prevention Miod Vallat (Aug 14)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- Re: Buffer overflow prevention stealth (Aug 15)
- Re: Buffer overflow prevention Mark Tinberg (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Re: Buffer overflow prevention Peter Busser (Aug 18)
- Re: Buffer overflow prevention Thomas Sjögren (Aug 14)
- Re: Buffer overflow prevention Shaun Clowes (Aug 15)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention Shaun Clowes (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Re: Buffer overflow prevention Mark Handley (Aug 18)
- Re: Buffer overflow prevention Crispin Cowan (Aug 18)
- Heterogeneity as a form of obscurity, and its usefulness Bob Rogers (Aug 22)
- Re: Heterogeneity as a form of obscurity, and its usefulness Crispin Cowan (Aug 22)
- Re: Heterogeneity as a form of obscurity, and its usefulness Nicholas Weaver (Aug 22)
- Re: Buffer overflow prevention Patrick Dolan (Aug 14)