Attributes can represent software diversity at many different
granularities. The choice of attribute granularity balances resilience to
pathogens, flexibility for placing replicas, and degree of replication.
An example of the coarsest representation is for a host to have a
configuration comprising a single attribute for the generic class of
operating system,
e.g., "Windows", "Unix", etc.
This single attribute represents the potential vulnerabilities of
all versions of software running on all versions of the same class of
operating system. As a result, replicas would always be placed on hosts
with different operating systems. A less coarse representation is to
have attributes for the operating system as well as all network services
running on the host. This representation yields more freedom for placing
replicas. For example, we can place replicas on hosts with the same class
of operating system if they run different services. The core
in Example 3.1 is an example of this situation since
and
both run Windows. More fine-grained representations can have
attributes for different versions of operating systems and applications.
For example, we can represent the various releases of Windows, such
as "Windows 2000" and "Windows XP", or even versions such as "NT 4.0sp4"
as attributes. Such fine-grained
attributes provide considerable flexibility in placing replicas.
For example,
we can place a replica on an NT host and an XP host to protect against
worms such as Code Red that exploit an NT service but not an XP service.
But doing so greatly increases the cost and complexity of collecting and
representing host attributes, as well as computing cores to determine
replica sets.
Our initial work [14] suggested that informed replication can be effective with relatively coarse-grained attributes for representing software diversity. As a result, we use attributes that represent just the class of operating system and network services on hosts in the system, and not their specific versions. In subsequent sections, we show that, when representing diversity at this granularity, hosts in an enterprise-scale network have substantial and sufficient software diversity for efficiently supporting informed replication. Our experience suggests that, although we can represent software diversity at finer attribute granularities such as specific software versions, there is not a compelling need to do so.
|