lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F4004BF.10108@immunix.com>
Date: Sun, 17 Aug 2003 15:42:07 -0700
From: Crispin Cowan <crispin@...unix.com>
To: Shaun Clowes <shaun@...urereality.com.au>
Cc: "BUGTRAQ@...URITYFOCUS.COM" <BUGTRAQ@...URITYFOCUS.COM>
Subject: Re: Buffer overflow prevention


Shaun Clowes wrote:

>I think it's generally accepted that homogenity breeds insecurity, in
>which case it makes sense to try to be as different from everyone else
>as possible even if that doesn't make it impossible for someone to break
>you.
>
That is a commonly held view, but I would not say it is widely accepted. 
I certainly don't accept it.

Heterogeneity increases survivability of the *species*, but does little 
to protect the individual. A site manager seeking to protect their own 
servers cares little if an attack that takes them down doesn't take down 
their competitors. In fact, it's kind of bad if heterogeneity means that 
you go down and your competitors don't. At most, you could say that 
running the most common system makes you somewhat more vulnerable to 
attack, and you should take that into consideration when planning your 
security.

So heterogeneity is really just security by obscurity, dressed up to 
sound pretty. It also comes at a cost: in direct proportion to the 
security benefits of running an obscure system is elevated operational 
costs due to incompatibilities induced by your diversity. Exactly what 
those incompatibility costs are varies according to the ways in which 
you diverge from others. For that matter, so do the security benefits 
vary according to what aspects of your system you diversified.

So before spending a bucket of $ on contrived diversity, consider 
spending that $ on actual security mechanisms: you will get a much more 
predictable ROI.

Caveat: there is a gray spectrum between natural diversity (Windows vs. 
Linux vs. BSD) and synthetic diversity (PAX/ASLR, PointGuard). The 
former are diverse, but the ways in which they are divers are rigidly 
fixed aspects of system architecture, and cannot be changed. The latter 
use cryptographically secure random numbers (to the extent possible) to 
provide per-instance diversity that is readily changed, much like crypto 
session keys. Cryptography itself is just a form of obscurity, albeit 
with some very important properties surrounding key management.

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ