Abstract: The idea of automatic software diversity is at least two decades old. The deficiencies of currently deployed defenses and the transition to online software distribution (the "App store" model) for traditional and mobile computers have revived interest in automatic software diversity. Consequently, the literature on diversity has grown by more than two dozen papers since 2008.

Diversity offers several unique properties. Unlike other defenses, it introduces uncertainty in the target. Precise knowledge of the target software provides the underpinning for a wide range of attacks. This makes diversity a broad rather than narrowly focused defense mechanism. Second, diversity offers probabilistic protection similar to cryptography: attacks may succeed by chance, so implementations must offer high entropy. Finally, the design space of diversifying program transformations is large. As a result, researchers have proposed multiple approaches to software diversity that vary with respect to threat models, security, performance, and practicality.

In this paper, we systematically study the state of the art in software diversity and highlight fundamental trade-offs between fully automated approaches. We also point to open areas and unresolved challenges. These include "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software.
I. MOTIVATION

As modern society grows increasingly dependent on the digital domain, adversaries abound in cyberspace. In spite of the combined efforts of the security community, reports of major software vulnerabilities that put millions of users at risk continue to be the norm rather than the exception.

Whereas diversity provides protection and resilience in nature, the commoditization of computer systems has made them increasingly homogeneous with respect to hardware, operating systems, applications, and everything in between. Homogeneity and standardization provide economies of scale and consistent behavior, and they simplify the logistics of distributing programs. We therefore live in a software mono-culture.

Unfortunately, homogeneity has turned out to be a double-edged sword [26]. An attacker can readily download an identical copy of the commodity software running on their victims' systems and probe it for vulnerabilities. After turning a vulnerability into an exploit, the attacker can target all systems running copies of the vulnerable program. In other words, the software mono-culture creates economies of scale for attackers, too.

Artificial software diversity aims to increase the cost to attackers by randomizing implementation aspects of programs. This forces attackers to target each system individually, substantially raising the bar on mass-scale exploitation. Without knowledge of the program implementation hosted on a particular system, targeted attacks become significantly harder, too.

The idea of protecting programs with artificially generated diversity is at least two decades old [13]. However, compiler-based software diversity has only recently beco...