The Biology of Network Security
Bob Brown writes "A University of New Mexico researcher is taking lessons from biology and using them to try to stymie hackers and viruses. Projects such as RISE attempt to secure computers and networks by promoting application diversity." From the article: "Diversity of systems and applications can play a key role in safeguarding computers and networks from malicious attacks, Forrest said. Her team published a paper last year on a system dubbed RISE (Randomized Instruction Set Emulation) (PDF) that randomizes an application's machine code to stymie would-be attacks, such as those launched via binary code injection."
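A toy illustration of the instruction-set randomization idea described in the summary above. It is an added example, not code from the RISE paper or the article; the four-opcode machine, the XOR scrambling scheme and every name in it are assumptions made for the demonstration.

```python
import secrets

PUSH, ADD, SYS, HALT = 0x01, 0x02, 0x03, 0x04  # toy opcodes, constructed for this example

class IllegalInstruction(Exception):
    """Raised when a fetched byte does not decode to a valid toy instruction."""

def scramble(code: bytes, key: bytes, base: int = 0) -> bytes:
    """Loader: XOR each trusted code byte with the key byte for its address."""
    return bytes(b ^ key[(base + i) % len(key)] for i, b in enumerate(code))

def run(memory: bytes, key: bytes, entry: int = 0, max_steps: int = 1000):
    """Emulator: every fetched byte is de-scrambled with the key before decoding."""
    stack, trace, pc = [], [], entry
    def fetch(addr):
        return memory[addr] ^ key[addr % len(key)]
    try:
        for _ in range(max_steps):
            op = fetch(pc)
            if op == PUSH:
                stack.append(fetch(pc + 1)); pc += 2
            elif op == ADD:
                stack.append((stack.pop() + stack.pop()) & 0xFF); pc += 1
            elif op == SYS:          # stands in for a sensitive operation
                trace.append(("SYS", stack.pop())); pc += 1
            elif op == HALT:
                return stack, trace
            else:
                raise IllegalInstruction(f"bad opcode {op:#04x} at {pc}")
    except IndexError as exc:        # garbage operands or running off memory
        raise IllegalInstruction(str(exc)) from exc
    raise IllegalInstruction("step limit reached")

def inject_and_run(key: bytes):
    """Trusted program is scrambled by the loader; injected bytes arrive raw."""
    program = bytes([PUSH, 2, PUSH, 3, ADD, HALT])
    injected = bytes([PUSH, 0x2A, SYS, HALT])      # constructed "foreign" code
    memory = scramble(program, key) + injected     # injection bypasses the loader
    legit = run(memory, key)
    try:
        hijacked = run(memory, key, entry=len(program))
    except IllegalInstruction as exc:
        hijacked = f"fault: {exc}"
    return legit, hijacked

if __name__ == "__main__":
    print(inject_and_run(bytes(16)))               # all-zero key = no randomization
    print(inject_and_run(secrets.token_bytes(16))) # fresh per-process key
```

With the all-zero key the injected bytes execute and reach `SYS`; with a per-process key the same bytes are XORed into something else at fetch time, which in this toy machine decodes to an invalid opcode in all but a few of the 256 possible key bytes.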
Gee, ya think?
Forrest's team got around this issue by building its technology atop virtual machine software dubbed Valgrind that she said provided flexibility because it is open source but that is not as efficient as she would have liked.
Gee, ya think?
Forrest acknowledged that the RISE system is unwieldy in some ways and still has kinks to work out...
Gee, ya think?
What I'm listening to now on Pandora...
Would that include extinction of species with inadequate immune systems?
"We are all geniuses when we dream"
- E.M. Cioran
"We already have malicious code that can replicate and spread itself. The only thing we're missing in terms of real Darwinian evolution is mutation,"
Nope. Polymorph viruses are not really unknown. Right now as we speak, they make a comeback.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The key point in network security is diversity and multiple layers of security. When there is a fault (due to whatever cause) in one of the layers only that layer will be compromised but no real severe damage done.
Of course it is important that those layers are created and maintained by several entities.
A simple example:
- Have your network guys maintain your firewalls
- Have all traffic go through an application gateway which is maintained by a third party.
- Have system administrators to secure the system
Of course adding layers increases costs and security.
As for mutation aka polymorphism (she talks about this at the end of TFA), doesn't she know about virii having built-in mutators? And metamorphic code does almost the exact same thing she's talking about in RISE.
[Fuck Beta]
o0t!
"This is a little tricky because we don't want to make everyone write their own operating system or e-mail reader from scratch or even learn a new interface," Forrest said.
Speak for yourself, this is a lifelong obsession.
A wise man once said - 'Never connect to the internet and your troubles will be few.'
He who knows best knows how little he knows. - Thomas Jefferson
So, what happens when someone finds a way to either a) run code right on the hardware and bypass the virtualization, or b) finds some small snippet of code (a binary prion, perhaps?) that plays hell with this RISE? I mean.... Mad Cow Disease is a prion.... Mad Computer Disease next?
-- "It's tough to run with both feet stuck in your mouth" - Zoe's evil side
Depends how big the differences are.
Take for example address space randomization (part of execshield). I'll quote redhat's explanation of it (as it's quite good): Protects against many buffer overflow attacks (regardless of the hardware), with no cost to your 'standardized environment'.
Pity Windows & macOS don't have something similar.
There are shills on slashdot. Apparently, I'm one of them.
Marcus Ranum's opinion
-----------------------
Monoculture Hype Alert!
NSF Grants Two Universities $750,000 to Study Computer Monocultures (25 November 2003)
With the help of a $750,000 National Science Foundation grant, Carnegie Mellon University and the University of New Mexico will study computer "monocultures" and the benefits of diverse computing environments. "The researchers intend to create an application that could generate diversity in key aspects of software programs, thus making the same vulnerability less effective as a means of attack against the population as a whole."
$750,000 to sit around and whine about Microsoft? How do I get a gig like that?!
The Myth of Monoculture
Recently, my friends Dan Geer and Bruce Schneier (along with other smart people) published a paper postulating that our computing environments are at risk of security disasters because of a "Microsoft Monoculture." This paper has gotten a tremendous amount of attention lately. Unfortunately, I think that many of the papers' proponents have forgotten that the paper is an analogy and not real science. Arguing by analogy is illuminating but also distracting.
See link below for the full opinion on "The Myth of Monoculture".
http://www.ranum.com/security/computer_security/editorials/monoculture-hype/index.html
It's a novel concept, but I can't picture how it would work outside of Open Source software.
To run a program on such a chipset, it must be specifically compiled for that chipset. So for commercial applications, you either require a separate version for every possible chipset, or a method for the user to compile it for their computer. The latter isn't rational - all it takes is a single unscrupulous user to leak the code, the program gets out of your control. As for the former, I can picture going to a store and being told, "Oh, sorry. We're all out of Office for Chipset 0xDEADBEEF. Is Chipset 0xDEADBEEE ok instead?"
No, B. germanica, like other arthropods, has two primary active immunocytes, namely the granulocytes and the plasmatocytes. The former are particularly cool in the cockroach -- their granulocytes (GRs) discover, encapsulate, and phagocytize foreign substances. In fact, unlike in other arthropods, cockroach GRs are particularly active in terms of encapsulation; they flatten and increase the number of microtubules and nuclear membrane pores. The latter mechanism enables the rapid production of tubulin by increasing the "channel width" between the ribosomes and the nuclear DNA. The former protects the GRs from the shearing forces the rapid encapsulation response creates within the cell. The cockroach GRs are in some ways closer to the human macrophage than to typical arthropod active immunocytes.
Plasmatocytes (PLs) adhere to foreign substances in a clotting response geared to isolate it from the rest of the cockroach. PLs also have a phagocytizing role in the cockroach.
Both the GRs and the PLs display an accelerated response if the organism is reintroduced to the same foreign substance. This suggests that the cockroach immunocytes have the same sort of "memory" as vertebrate neutrophils and macrophages.
Cockroaches meanwhile are also a host to a variety of microbes which provide a degree of passive immune response to common antigens -- various intestinal flora produce narrow-spectrum antibiotics which ward off dangerous infections.
Although cockroaches have somewhat weaker structural defences against infection (spiracles for breathing instead of ciliated, mucous-protected airways; low pressure in the hemolymph instead of a bleeding response which washes away microbes in the event of a skin/chitin-penetrating trauma), they have a highly-reactive immunoresponse which is less-costly energy-wise for the individual than regenerating tissues destroyed by infection and more successful (in the evolutionary fitness sense) for the species as a whole than accepting a lowered production of viable offspring because individuals are debilitated by infectious disease.
In general the more cosmopolitan pests in Blattaria/Blattodea are biologically successful because they can cope with all sorts of toxins and microbes found in household detritus and waste that concentrates in cockroach feces, which is usually found near -- or in -- their food supply.
So you would be more right if you said that cockroaches are evolving in environments full of infectious agents, and are obviously pretty successful there.
Otherwise healthy household mammals that encounter cockroaches have little to fear from cockroaches, their "helpful" microbes, their "harmful" microbes (which are held in check by the cockroach immune system), or whatever concentrates in their feces, except that there are some humans (and probably other mammals) who suffer an intense immunoglobulin-E mediated allergic reaction to many antigens which accumulate in cockroach poo.