By Tuan Nguyen
Posting in Design
Researchers at DARPA have cybersecurity projects underway that may someday change the way we counter the threat of viruses and other types of malware.
When new viruses are unleashed into cyberspace, software makers need to find the virus' signature and quickly release updates to prevent the bug from inflicting damage. The delay between when viruses are identified and when fixes are sent out can leave computer systems vulnerable to a cyberattack.
Researchers at the U.S. military's Defense Advanced Research Projects Agency, or DARPA, have cybersecurity projects underway that may someday change the way we counter the threat of viruses and other types of malware.
One program, called Clean-slate Design of Resilient, Adaptive, Secure Hosts, or CRASH, was created not only to develop technology that would protect computers from viruses but also to enable them to recover and repair themselves.
The idea for CRASH came about during a workshop that brought together security experts and infectious disease biologists to brainstorm new approaches to dealing with cyberattacks. One notable idea that arose from the discussion was that perhaps computer systems can be manufactured in a manner that allows them to defeat a viral infection the same way the human immune system fends off the flu or chicken pox.
To ward off diseases, the human body operates from the standpoint that viruses and bacteria will get past its defenses now and then. Also, biological viruses won't affect everyone the same way, since there is a good degree of genetic diversity between any two people.
Computer hardware, however, is built pretty similarly. Malware programmers can look to inflict damage on a wide network of computers by successfully targeting just one PC. Kaigham Gabriel, DARPA's deputy director, thinks that adding certain security enhancements would give computers a sort of genetic diversity, making them less vulnerable to infections.
In an interview, Gabriel told the American Forces Press Service:
"The idea is to look at the structure of computers, which are identical and have no security in the hardware ... because performance was king 15 or 20 years ago," he said. "Transistors and computer performance were precious and you didn't give up any of it to security. Now, the world is different."
Another program the agency has in the works is Programming Computation on Encrypted Data (or PROCEED -- those military types love their acronyms). The goal of the program is to create technologies that would allow data to stay in a protected state of encryption even while programmers operate on it.
"Encryption is one way of protecting things, but if you want to operate on encrypted data -- process it, do something with it -- you have to decrypt it first. You operate on it while it's in a decrypted state, then take your result, encrypt that again and send it on," Gabriel told the AFPS.
Although both projects are currently for military purposes, technological developments within government agencies are noteworthy because often such achievements can lead to real-world applications for consumers. Let's not forget that behind the closed doors of DARPA was where the internet was born in the first place.
Photo: Lockheed Martin
Jan 6, 2011
Hardware is indeed pretty much alike, but nowhere the same-same as the Windows operating system across the Govt. Why would a bad guy go for the tougher-to-reach hardware when a complex, low-security OS is sitting right there running well-known applications (IE browser, Adobe, etc.) ready to exploit? Bruce Schneier writes of Software Monoculture (http://www.schneier.com/blog/archives/2010/12/software_monocu.html). In the near term, a better thing to do would be deploy a few flavors of locked-down OS's (say Windows + Red Hat Linux + Mac) so only a third or so of the network could crash at once. DARPA seeks the far future (Go DARP!)... but we in the closer-to-now, practical world should pick these lower fruits. Secondly, adding hardware diversity could be as simple as using the widely deployed Trusted Platform Module (TPM) and add-on 'unique' encrypted hardware that are locked to specific applications.
Great story, makes sense, looking forward to no longer spending every moment battling all the hazards of the Web. Thanks DARPA!
So, if you keep thinking along the line of the body's self-defense mechanisms... witness cell reproduction: it's the ultimate way to keep a poorly protected network of components from virus spread/corruption by allowing it to continuously duplicate and replace aging/sick/dead parts based on a master DNA. QED = if you constantly wipe and reinject random OS or App code during idle time (and do the same to always on system files during restarts) then you're on to something! My local library wipes and reformats the public PCs via a network image every night, which forces users to work from data on a removable drive if they want it to persist. Wouldn't it be better to implement this sequentially on a microsecond frequency instead?