The Biology of Network Security

Bob Brown writes "A University of New Mexico researcher is taking lessons from biology and using them to try to stymie hackers and viruses. Projects such as RISE attempt to secure computers and networks by promoting application diversity." From the article: "Diversity of systems and applications can play a key role in safeguarding computers and networks from malicious attacks, Forrest said. Her team published a paper last year on a system dubbed RISE (Randomized Instruction Set Emulation) (PDF) that randomizes an application's machine code to stymie would-be attacks, such as those launched via binary code injection."

Gee, ya think?

[Otter]

She said this idea didn't fly very well with hardware engineers at Intel with whom she spoke to last year, as they envisioned having to build different chips around all these different instruction sets.

Gee, ya think?

Forrest's team got around this issue by building its technology atop virtual machine software dubbed Valgrind that she said provided flexibility because it is open source but that is not as efficient as she would have liked.

Gee, ya think?

Forrest acknowledged that the RISE system is unwieldy in some ways and still has kinks to work out...

Gee, ya think?

Extinction?

[MECC]

Would that include extinction of species with inadequate immune systems?

Re:Extinction?

[Opportunist]

Unfortunately, no. The "new" kind of infectors don't aim at killing the host. They just want to "milk" it. They want its processing power, its connection speed, its information and its user's credit card number.

Ok, then we have evolution

[Opportunist]

"We already have malicious code that can replicate and spread itself. The only thing we're missing in terms of real Darwinian evolution is mutation,"

Nope. Polymorph viruses are not really unknown. Right now as we speak, they make a comeback.

So.... Computer CJD?

[weetabix]

So, what happens when someone finds a way to either a) run code right on the hardware and bypass the virtualization, or b) finds some small snippety of code (a binary prion, perhaps?) that plays hell with this RISE? I mean.... Mad Cow Disease is a prion.... Mad Computer Disease next?

Re:Infrastructure doesn't work like biology

[Whiney+Mac+Fanboy]

Sure, in biology, differences help make the species stronger. Not true in IT.

Depends how big the difference are.

Take for example address space randomization (part of execshield). I'll quote redhat's explanation of it (as it's quite good):

The idea behind Address Space Randomization is to put program code at a different address each time it starts. This way, an exploit can't know where the return address pointer should point to.

Protects against many buffer overflow attacks (regardless of the hardware), with no cost to your 'standardized environment'.

Pity windows & macOS don't have something similar.

Wouldn't work outside of Open Source

[gzearfoss]

It's a novel concept, but I can't picture how it would work outside of Open Source software.
To run a program on such a chipset, it must be specifically compiled for that chipset. So for commercial applications, you either require a separate version for every possible chipset, or a method for the user to compile it for their computer. The latter isn't rational - all it takes is a single unscrupulous user to leak the code, the program gets out of your control. As for the former, I can picture going to a store and being told, "Oh, sorry. We're all out of Office for Chipset 0xDEADBEEF. Is Chipset 0xDEADBEEE ok instead?"