ABSTRACT
Unlike homogeneous systems, heterogeneous ones, by their very nature, require customization and specialized configuration. These differences may, in turn, require separate verification and certification for each variant, not only increasing deployment costs, but also introducing subtle variations that an intruder may take advantage to attack. For this reason, we need common techniques and mechanisms that can ensure the same level of security for heterogeneous systems as we can expect with homogeneous ones. In addition, heterogeneous systems are likely to be more survivable against common-mode attacks where a single successful attack strategy can be used to compromise the entire population. Furthermore, heterogeneity may extend beyond a single system, where multiple systems – each one with its own management environment – form a system-of-systems. Different configurations and software drivers will need to be integrated in order to take advantage of the overall system’s capabilities. There may be some overlap of tools, however, older systems may be running older software for compatibility reasons. This creates the need for general administrators that may have a steep learning curve when trying to familiarize with the super-system.
