Issue No.01 - January/February (2009 vol.7)
Kenneth P. Birman , Cornell University
Fred B. Schneider , Cornell University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.24
Conventional wisdom holds that software monocultures are exceptionally vulnerable to malware outbreaks. The authors argue that this oversimplifies and misleads. An analysis based on attacker reactions likely to be evoked by successive generations of defenses suggests that deploying a monoculture in conjunction with automated diversity is indeed a very sensible defense today.
networked information system security, monoculture, artificial diversity, stack randomization, configuration attack, technology attack, trust attack.
Kenneth P. Birman, Fred B. Schneider, "The Monoculture Risk Put into Context", IEEE Security & Privacy, vol.7, no. 1, pp. 14-17, January/February 2009, doi:10.1109/MSP.2009.24