David E. Evans
Assistant Professor of Computer Science
School of Engineering and Applied Science
What Biology Can Teach Us About Computer Security
Witty Worm. Code-Red. Nimda. Sapphire/Slammer SQL.
Their names are curious, engaging, almost comical, but computer worms and other viruses are no laughing matter. Viruses and other malicious software cost businesses billions each year, and cause users hours of frustration.
Part of the problem is that modern viruses spread so quickly, the old ways of combating them are no longer effective. Machines are highly connected, and the Internet is open to everyone, so malicious code can spread remarkably quickly.
In 2003, the Cooperative Association for Internet Data Analysis reported that the Sapphire/Slammer SQL worm spread worldwide in only 10 minutes, and at its peak — three minutes after its release — scanned the Internet at more than 55 million addresses per second. Researchers have speculated that a well-designed worm could infect all vulnerable machines on the Internet within a few hours of its launch.
The problem with our current methods of fighting computer virus attacks is that we cannot cope with unfamiliar enemies. Computer antivirus software recognizes the signatures of known viruses, and gets rid of them. But it can’t get rid of a virus that it hasn’t seen before. Human intervention is needed to identify and analyze the attack code, create a signature for detecting it, and update anti-virus software to recognize and prevent the new attack.
effective defenses must be able to defend systems from attacks that do not
Consider the way in which the human immune system works. Viruses and bacteria attack their human hosts. The human immune system responds by isolating and attacking the foreign bodies. It does this, responding to unfamiliar things, what is familiar and concluding that what is not familiar is foreign and must be eliminated. Unlike computer anti-virus software that recognizes the signatures of known viruses, the human immune system is able to recognize and destroy previously unknown viruses.
Computer systems, however, suffer from a lack of diversity. Nearly all computers on the Internet run the same operating systems and applications. Without diversity, systems all are vulnerable to the same attacks. A monoculture enables people to share programs and data, but means attacks can be shared in the same way.
Researchers are beginning to develop ways to build systems that are diverse as far as attackers are concerned, but still appear the same for legitimate users. DARPA, the Defense Advanced Research Projects Agency, is funding research to develop technologies for computer systems that provide critical functions even while under attack. The projects funded under this new initiative include a $1 million contract to researchers at the University of Virginia and Carnegie Mellon University to explore the idea of biologically inspired diversity as an approach to computer security. The project goal is to add an element of diversity throughout the system without changing the way users interact with it.
Researchers are still grappling with the problem of how to automatically create enough diversity to foil attacks, while preserving the program behavior and performance users expect.
Unlike nature, where attacks evolve, computer attacks are engineered, and sophisticated attackers can design malicious code intended to circumvent or fool defenses. As in natural selection, there is a continual arms race between those attempting to build secure computer systems, and those attempting to compromise them.
For now, computer professionals are racing to keep pace with the attackers and struggling to develop specific defenses for every new attack. Before long, we hope to be able to create the computer equivalent of a broad-based antibiotic that can protect systems from any attack, known or unknown.
David Evans is an assistant professor in the Department of Computer Science whose research focuses on encryption and computer security.