When a new virus strikes, some of us might fall ill, some might die and others will survive. That’s because each of us has a unique immune system.
It’s a concept that the computer security industry should take to heart, said Stephanie Forrest, a professor of computer science at the University of New Mexico, who spoke this month at a Symposium on Information Security and Privacy in Boston.
The event was organized by Boston University to celebrate the launch of its Center for Reliable Information Systems and Cyber Security, an outfit that is taking the sort of interdisciplinary approach to computer security that Forrest endorses.
Diversity of systems and applications can play a key role in safeguarding computers and networks from malicious attacks, Forrest said. Her team published a paper last year on a system dubbed RISE (Randomized Instruction Set Emulation) (PDF at this Web site ) that randomizes an application’s machine code to stymie would-be attacks, such as those launched via binary code injection.
“One reason computers are so vulnerable to attack is that they are all the same,” Forrest said. “In order for [buffer overflow and other attacks] to be introduced successfully, they require the attackers to know a lot about the program that the victim machine is running. The reason the attacker knows all of these details is because of widely replicated software.”
Making each computer unique would make life a lot tougher on attackers, she said.
“This is a little tricky because we don’t want to make everyone write their own operating system or e-mail reader from scratch or even learn a new interface,” Forrest said. “The look and feel of the program and underlying functionality when it computes need to somehow be constant.”
The key to the RISE project was protecting code on systems rather than standing guard at each port, as other security systems have done, she said. RISE accomplishes its task by enabling each process to run its own instruction set.
She said this idea didn’t fly very well with hardware engineers at Intel with whom she spoke last year, as they envisioned having to build different chips around all these different instruction sets. Forrest’s team got around this issue by building its technology atop virtual machine software dubbed Valgrind.
She said it provided flexibility because it is open source, but was not as efficient as she would have liked.
QuickLink 062053
