Discussion Questions
- What is the basic model behind both of these systems? Hint: focus on the figures!
- What aspect(s) of security are these models capturing? What are they missing?
Notes
Lecture 9
---------
What is entropy? (G1)
- least diverse -> least entropy
So maybe increasing entropy (disorder) would increase security?
- multiple kinds of software, hosts, etc
But that seems chaotic and thus insecure?
Entropy on a specific graph
- hosts can have some number of vulns
- edges represent the vulns a host has
- cannot remove all edges by assumption - hosts always have some
- increase entropy -> more disorder in edges
Adding new kinds of systems => increase the space of vulnerabilities
- attack surface goes up!
If diversity is the answer, what is the question?
- consider for Thursday