University of New Mexico prof says diversity could be key to beating back computer attacks.By Bob Brown, NetworkWorld.com,
04/14/06
SourceWhen a new virus strikes, some of us might fall ill, some might die and others will survive. That's the beauty of us each having a unique immune system.
It's a concept that the computer security industry should take to heart, said
Stephanie Forrest, a professor of computer science at the University of New Mexico, who spoke this week at a Symposium on Information Security and Privacy in Boston. The event was organized by Boston University to celebrate the launch of its
Center for Reliable Information Systems and Cyber Security, an outfit that is taking the sort of interdisciplinary approach to computer security that Forrest endorses.
Diversity of systems and applications can play a key role in safeguarding computers and networks from malicious attacks, Forrest said. Her team published a paper last year on a system dubbed RISE (Randomized Instruction Set Emulation) (
PDF) that randomizes an application's machine code to stymie would-be attacks, such as those launched via binary code injection.
"One reason computers are so vulnerable to attack is that they are all the same," Forrest said. "In order for [buffer overflow and other attacks] to be introduced successfully, they require the attackers to know a lot about the program that the victim machine is running. The reason the attacker knows all of these details is because of widely replicated software."
Making each computer unique would make life a lot tougher on attackers, she said.
"This is a little tricky because we don't want to make everyone write their own operating system or e-mail reader from scratch or even learn a new interface," Forrest said. "The look and feel of the program and underlying functionality when it computes needs to somehow be constant."
The key to the RISE project was protecting code on systems rather than standing guard at each port, as other security systems have done, she said. RISE accomplishes its task by enabling each process to run its own instruction set.
She said this idea didn't fly very well with hardware engineers at Intel with whom she spoke to last year, as they envisioned having to build different chips around all these different instruction sets. Forrest's team got around this issue by building its technology atop virtual machine software dubbed
Valgrind that she said provided flexibility because it is open source but that is not as efficient as she would have liked.
Forrest acknowledged that the RISE system is unwieldy in some ways and still has kinks to work out, but has proven tough to crack, as teams from other schools have tried to break it and failed.
RISE hasn't been commercialized, though past work from Forrest's team has been, such as immunology-inspired technology now found in Sana Security's Primary Response offerings.
What really has Forrest worried about computer security today ties into another biological concept: evolution.
"We already have malicious code that can replicate and spread itself. The only thing we're missing in terms of real Darwinian evolution is mutation," she said.