Conference: European Dependable Computing Conference

Software Diversity as a Measure for Reducing Development Risk


Abstract

Despite the widespread adoption of software diversity in some industries, there is still controversy about its benefits for reliability, safety or security. We take the perspective of diversity as a risk reduction strategy, in the face of the uncertainty about the dependability levels delivered by software development. We specifically consider the problem faced at the start of a project, when the assessment of potential benefits, however uncertain, must determine the decision whether to adopt diversity. Using probabilistic modelling, we discuss how different application areas require different measures of the effectiveness of diversity for reducing risk. Extreme values of achieved reliability, and especially, in some applications, the likelihood of delivering "effectively fault-free" programs, may be the dominant factor in this effect. Therefore, we cast our analysis in terms of the whole distribution of achieved probabilities of failure per demand, rather than averages, as usually done in past research. This analysis highlights possible and indeed frequent errors in generalizations from experiments, and identifies risk reduction effects that can be proved to derive from independent developments of diverse software versions. Last, we demonstrate that, despite the difficulty of predicting the actual advantages of specific practices for achieving diversity, the practice of "forcing" diversity by explicitly mandating diverse designs, development processes, etc., for different versions, rather than just ensuring separate development, is robust, in terms of worst-case effects, in the face of uncertainty about the reliability that the different methods will achieve in a specific project, a result with direct applicability to practice.
