EvoSec 2025W Lecture 9: Difference between revisions
Latest revision as of 17:58, 6 February 2025
Discussion Questions
- What is the basic model behind both of these systems? Hint: focus on the figures!
- What aspect(s) of security are these models capturing? What are they missing?
Notes
Lecture 9
---------
What is entropy? (G1)
- least diverse -> least entropy
So maybe increasing entropy (disorder) would increase security?
- multiple kinds of software, hosts, etc
But that seems chaotic and thus insecure?
Entropy on a specific graph
- hosts can have some number of vulns
- edges represent the vulns a host has
- cannot remove all edges by assumption - hosts always have some
- increase entropy -> more disorder in edges
Adding new kinds of systems => increase the space of vulnerabilities
- attack surface goes up!
If diversity is the answer, what is the question?
- consider for Thursday
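
The host/vulnerability graph from the notes, as an added example that is not part of the lecture material: it assumes entropy means Shannon entropy over how the host-to-vuln edges are spread across vulns, and compares fleets with one, two and three kinds of system. The system kinds, vuln IDs and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed data: the vulns each kind of system carries (hypothetical IDs).
KIND_VULNS = {"os_a": {"A-1"}, "os_b": {"B-1"}, "os_c": {"C-1", "C-2"}}

def build_graph(fleet):
    """Map each host to the vulns of its system kind (host -> vuln edges)."""
    graph = {f"host{i}": set(KIND_VULNS[kind]) for i, kind in enumerate(fleet)}
    # Assumption from the notes: a host always has at least one vuln edge.
    if any(not vulns for vulns in graph.values()):
        raise ValueError("every host must have at least one vulnerability edge")
    return graph

def edge_entropy(graph):
    """Shannon entropy in bits of the edge distribution over vulns (assumed measure)."""
    counts = Counter(v for vulns in graph.values() for v in vulns)
    total = sum(counts.values())
    return sum(-(c / total) * math.log2(c / total) for c in counts.values())

def vuln_space(graph):
    """Distinct vulns present anywhere in the fleet."""
    return set().union(*graph.values())

def summarize(fleet):
    """Return (entropy in bits, size of the vulnerability space) for a fleet."""
    graph = build_graph(fleet)
    return round(edge_entropy(graph), 4), len(vuln_space(graph))

if __name__ == "__main__":
    fleets = {
        "monoculture": ["os_a"] * 4,                       # least diverse
        "two kinds": ["os_a", "os_a", "os_b", "os_b"],
        "three kinds": ["os_a", "os_a", "os_b", "os_c"],   # new kind added
    }
    for name, fleet in fleets.items():
        entropy, space = summarize(fleet)
        print(f"{name:12s} entropy={entropy:.4f} bits  distinct vulns={space}")
```

Entropy and the number of distinct vulns rise together as kinds are added, which is the tension the notes end on.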