Taking Cues from Mother Nature to Foil Cyber Attacks
Taking their cues from Mother Nature and biodiversity, computer scientists at Carnegie Mellon University and the University of New Mexico are collaborating on a National Science Foundation (NSF)-supported project to study "cyber-diversity" for computer systems as a way to fend off malicious viruses, worms and other cyber attacks.
In nature, diseases are most devastating when an infection-causing organism encounters a "monoculture," a vast swath of genetically similar individuals, each susceptible to the organisms method of attack. In the same vein, computer viruses and worms exploit the same flaw on every computer running the same software.
"We are looking at computers the way a physician would look at genetically related patients, each susceptible to the same disorder," said Mike Reiter, a professor of electrical and computer engineering and computer science at Carnegie Mellon and associate director of CyLab, a Carnegie Mellon initiative focused on advancing cybersecurity technology and education. "In a more diverse population, one member may fall victim to a pathogen or disorder, while another might not have the same vulnerability."
"Our project seeks to reduce computer vulnerability by automatically changing certain aspects of a computers software," said Dawn Song, an assistant professor of electrical and computer engineering and computer science at Carnegie Mellon. "Adapting this idea in biology to computers may not make an individual computer more resilient to attack, but it aims to make the whole population of computers more resilient in aggregate."
The existence of the same flaw on many computers is routinely exploited by attackers via Internet worms such as Code Red, which infected over 350,000 systems in just 13 hours using a single vulnerability.
Earlier approaches toward diversity in software attempted to develop different versions of the same software by independent teams, the idea being that the versions would naturally evolve different sets of vulnerabilities. However, such a manual approach is economically expensive and takes a long time, the researchers said.
"We are investigating various new methods for automating the diversity process at different system levels," said Stephanie Forrest, professor of computer science at New Mexico. "Our automated approach has the potential to be more economical and could introduce more diversity into computer systems." Attackers would then have less information about individual computers and would have to approach each computer differently.
"This work, bridging technical disciplines and taking the economics of security solutions into account, represents the kind of innovative thinking that NSFs Cyber Trust program hopes to stimulate in the research community," said Carl Landwehr, NSF program director. The Carnegie Mellon and New Mexico collaboration is supported by a $750,000 award from NSF, the independent federal agency that supports fundamental research and education across all fields of science and engineering.
Principal Investigators: Dawn Song, CMU, (412) 268-4268, email@example.com
Mike Reiter, CMU, (412) 268-1318, firstname.lastname@example.org
Stephanie Forrest, UNM, (505) 277-7104, email@example.com
David Hart | NSF