Computer Immune Systems
Diversity to Reduce Vulnerability

In biological systems, diversity is an important source of robustness. A stable ecosystem, for example, contains many different species which occur in highly-conserved frequency distributions. If this diversity is lost and a few species become dominant, the ecosystem becomes susceptible to perturbation s such as catastrophic fires, infestations, and disease. Similarly, health problems often emerge when there is low genetic diversity within a species, as in the case of endangered species or animal breeding programs. The vertebrate immune system offers a third example, providing each individual with a unique set of immunological defenses, helping to control the spread of disease within a population. Computers, by contrast, are notable for their lack of diversity. Manufacturers produce multitudes of identical copies from a single design, with the goal of making every chip of a given type and every copy of a given program identical.

As computers increasingly become mass-market commodities, the decline in the diversity of available hardware and software is likely to continue, and as in biological systems, such a development carries serious risks. All the advantages of uniformity become potential weaknesses when they can be exploited by an attacker, because once a method is created for penetrating the security of one computer, all computers with the same configuration become similarly vulnerable. The potential danger grows with the population of interconnected and homogeneous computers.

If every intrusion, virus, or worm had to be explicitly crafted to a particular machine, the cost of trying to penetrate computer systems would go up dramatically. We are studying methods for introducing diversity that focus on unnecessary consistencies. Each aspect of a programming language that is "arbitrary" or "implementation dependent" is an opportunity for randomized compilation techniques to introduce diversity. Such diversity would preserve the functionality of well-behaved programs and be highly likely to disrupt others by removing unnecessary regularities. For more details, see Building diverse computer systems.

© 1997 Steven A Hofmeyr