System security as it is practiced today is a losing battle. In
this paper, we outline a possible comprehensive solution for
binary-based attacks, using virtual machines, machine descriptions,
and randomization to achieve broad heterogeneity at the machine
level. This heterogeneity increases the ``cost'' of broad-based
binary attacks to a sufficiently high level that they cease to
be feasible. The convergence of several recent technologies
appears to make our approach achievable at a reasonable cost, with
only moderate run-time overhead.