Re: Heterogeneity as a form of obscurity, and its usefulness

[Crispin Cowan <crispin () immunix com>]

Eric Greenberg wrote:

> Heterogeneity has played a major role in disastor and recovery designs for
> as long as I can remember (that would be the past 20 years). Equally so, I
Be *very* careful here: security is fundamentally different from fault 
tolerance. FT needs to defeat random, independent faults, and 
heterogeneity helps. Security needs to defeat an intelligent adversary, 
and the adversary can defeat two heterogeneous systems with 
approximately twice the effort of defeating a single system. The 
defender, in turn, has to spend approximately twice the effort to deploy 
dual heterogeneous systems as to deploy a single system.

I argue that it is worse than that, because the effort to defeat two 
heterogeneous systems is somewhat *less* than double that of a single 
system (because the attacker can exploit common design and 
implementation failures) and the effort to deploy & operate dual 
heterogeneous systems is somewhat *more* than double that of a single 
system (because the defender must account for both consistency and 
incompatibility).

Once again, it is not that heterogeneity doesn't work. It's that for the 
goal of defending a single resource, it is not as cost-effective as due 
diligence & best practices, such as properly employed authentication, 
firewalls, and secure operating systems.

Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
           http://www.immunix.com/shop/