Monoculture - The Other Side, presented at Black Hat Europe 2011

by Damir Rajnovic (Cisco Systems)

Tags: Security

Summary: "The case against monoculture in the computer security space is succinctly given in the executive summary of "CyberInsecurity: The Cost of Monopoly" by Dan Geer et al., as follows:

Computing is crucial to the infrastructure of advanced countries. Yet, as fast as the world's computing infrastructure is growing, security vulnerabilities within it are growing faster still. The security situation is deteriorating, and that deterioration compounds when nearly all computers in the hands of end users rely on a single operating system subject to the same vulnerabilities the world over. Most of the world's computers run Microsoft's operating systems, thus most of the world's computers are vulnerable to the same viruses and worms at the same time. The only way to stop this is to avoid monoculture in computer operating systems, and for reasons just as reasonable and obvious as avoiding monoculture in farming. Microsoft exacerbates this problem via a wide range of practices that lock users to its platform.

The moral of that article is to diversify: use multiple operating systems in an organization so that an incident involving one operating system is not amplified across all of them. Some organizations have taken that message to heart and make a conscious effort to diversify their platforms beyond the diversity that occurs naturally. It is not uncommon for an organization to purchase firewalls from two different vendors and deploy both in the network, sometimes even at the same ingress point. The idea behind this diversification is that a vulnerability in one vendor's product will not be present in the other vendor's product. This session examines what underpins the monoculture argument and which of its underlying premises are false.

The session covers why the commonly argued solution to the monoculture/monopoly problem might not be universally valid, and what dangers are hidden in today's systems that are supposedly designed to work around the monoculture problem. The focus is on the implementation rather than the design side of things, i.e. an error in the design of the TCP protocol versus an error in a specific implementation of the (otherwise sound) TCP protocol. A design error is expected to affect every implementation of a given protocol or application, and that case is not what this session is about. The session focuses on instances where independent implementations of a given design have common points of failure. It will show how the monoculture argument applies at different levels, from a single product (be it a single application or a whole operating system) to whole systems (e.g., a network, or multiple interconnected and cooperating products)."
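The "common points of failure" the abstract refers to are easiest to see when the two supposedly independent products are broken down into the components they are built from. The following Python is an added example, not code from the talk or from Cisco: it walks a constructed bill of materials for two firewalls from different vendors and reports which components both products transitively depend on. All product and component names are made up for illustration; the point is the method, not the specific names.

```python
"""Added example: find components shared by products deployed as 'diverse'
alternatives, following dependencies transitively.

The bill of materials below is constructed for illustration only; the
product and component names do not refer to any real vendor or library.
"""

from collections import defaultdict

# Constructed inventory: product or component -> its direct dependencies.
# At the product level the two firewalls look independent, but both are
# built on the same TLS and compression libraries.
DEPENDENCIES = {
    "fw-vendor-a": ["tcp-stack-a", "tls-lib", "mgmt-ui-a"],
    "fw-vendor-b": ["tcp-stack-b", "tls-lib", "mgmt-ui-b"],
    "mgmt-ui-a": ["http-parser-a", "compress-lib"],
    "mgmt-ui-b": ["http-parser-b", "compress-lib"],
    "tls-lib": ["bignum-lib"],
    # components with no entry are leaves
}


def closure(root, deps):
    """Return every component reachable from root (root itself excluded)."""
    seen = set()
    stack = list(deps.get(root, []))
    while stack:
        component = stack.pop()
        if component in seen:
            continue
        seen.add(component)
        stack.extend(deps.get(component, []))
    return seen


def component_reach(products, deps):
    """Map each component to the set of products whose closure contains it."""
    reach = defaultdict(set)
    for product in products:
        for component in closure(product, deps):
            reach[component].add(product)
    return dict(reach)


def common_points_of_failure(products, deps):
    """Components present in every one of the given products.

    If these products sit at the same ingress point as 'diverse'
    alternatives, a bug in any returned component defeats the diversification.
    """
    reach = component_reach(products, deps)
    return sorted(c for c, owners in reach.items() if owners >= set(products))


def effective_diversity(products, deps):
    """Components that appear in exactly one product: the part of the stack
    where buying from two vendors actually buys independence."""
    reach = component_reach(products, deps)
    return {
        p: sorted(c for c, owners in reach.items() if owners == {p})
        for p in products
    }


if __name__ == "__main__":
    pair = ["fw-vendor-a", "fw-vendor-b"]
    print("shared by both firewalls:", common_points_of_failure(pair, DEPENDENCIES))
    print("unique per product:", effective_diversity(pair, DEPENDENCIES))
```

Run against a real inventory, the same two functions separate the diversity an organization paid for (vendor-specific TCP stacks and parsers) from the shared substrate it did not notice (a TLS library and its bignum code). Only the first group is where the "different vendor, different bug" premise holds.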