Protecting Whole Computer Ecosystems against Virus Attacks
23
Transcript of Protecting Whole Computer Ecosystems against Virus Attacks
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Protecting Whole Computer Ecosystems against
Virus Attacks
P. Cockshott, Wim Vanderbauwhede 1
1School of Computer Science
University of Glasgow
September 2013
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Outline
1 Motivation
Types of cyber attack
2 A new defence strategy
Traditional imunological defence
Ecosystem diversity
Permuted systems
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Outline
1 Motivation
Types of cyber attack
2 A new defence strategy
Traditional imunological defence
Ecosystem diversity
Permuted systems
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Actors
In the past cyber attacks were largely carried out by
amateurs or criminal gangs.
More recently they have been commercialised with a
market existing in the development and detection of
'exploits' or weaknesses.
Companies that develop these exploits can then market
them to defence and intelligence agencies.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Actors
In the past cyber attacks were largely carried out by
amateurs or criminal gangs.
More recently they have been commercialised with a
market existing in the development and detection of
'exploits' or weaknesses.
Companies that develop these exploits can then market
them to defence and intelligence agencies.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Actors
In the past cyber attacks were largely carried out by
amateurs or criminal gangs.
More recently they have been commercialised with a
market existing in the development and detection of
'exploits' or weaknesses.
Companies that develop these exploits can then market
them to defence and intelligence agencies.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Direct Interception
Government agencies like the UK GCHQ and the US NSA
systematically tap communications lines and hack into
internet switches to divert data.
Chat services like Facebook, Google and Skype must be
assumed to be tapped at the premises of the companies
running these services.
It is perhaps signi�cant that after Microsoft took over
Skype it switched the system to a server based rather than
peer to peer based making it easier to tap.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Traditional viruses.
These install themselves and then propagate either by
email or external storage media contact ( USB sticks or SD
cards )
The most notorious recent example was the Stuxnet virus,
which damaged the equipment in the Iranian gas centrifuge
plant
Transmitted via USB sticks
Speci�cally targeted industrial control software
Made equipment operate outside safe parameters
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Traditional viruses.
These install themselves and then propagate either by
email or external storage media contact ( USB sticks or SD
cards )
The most notorious recent example was the Stuxnet virus,
which damaged the equipment in the Iranian gas centrifuge
plant
Transmitted via USB sticks
Speci�cally targeted industrial control software
Made equipment operate outside safe parameters
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Bu�er over�ow attacks
These rely on badly written programmes on the host to
allow messages sent from an external source to overwrite
part of the programme.
When this happens the overwriting code gains control and
can install malware.
Such attacks can be launched from malicious websites.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Outline
1 Motivation
Types of cyber attack
2 A new defence strategy
Traditional imunological defence
Ecosystem diversity
Permuted systems
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Immunological model
This works on the model of the vertebrate aquired immune
system.
Our immune system learns to recognise pathogens and then
produces antibodies to them
On �rst encounter with a new virus we have no defence (
SARS, Ebola etc).
.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Anti virus software
Antivirus software relies on the providers of the software
recognising motifs in the malicious code and thus identifying it.
A brand new virus will not be detected unless it shares motifs
with previous versions
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Outline
1 Motivation
Types of cyber attack
2 A new defence strategy
Traditional imunological defence
Ecosystem diversity
Permuted systems
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Monocultures are vulnerable
Healthy BlightedAll organisms in monoculture have similar genetic structure if a
virus can infect one it can infect all.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Windows PCs and Android are two monocultures
Equivalent to the Genome of plants is the machine code of
the microprocessors.
Microprocessors with the same machine code and same
operating software can be infected by the same viruses.
PCs all have Intel instructionset.
Android phones all run Dalvik instructionset.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Outline
1 Motivation
Types of cyber attack
2 A new defence strategy
Traditional imunological defence
Ecosystem diversity
Permuted systems
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Machine codes
An machine code is a list of numbers with special meaning to
the computer for examplecode meaning
0 Load
1 Store
2 ADD
3 SUBTRACT
4 JUMP
...Machines can typically recognise hundreds of such codes.
Android recognises 256. All programmes run on the system rely
on having a standard interpretation of these codes.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Permutation
If you construct an chip device with a permuted machine code
no software designed for a standard chip will run on it.code meaning Permuted meaning
0 Load JUMP
1 Store ADD
2 ADD Load
3 SUBTRACT Store
4 JUMP SUBTRACT
...Thus no malware designed for the standard chip machine code
will run on it.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Each Chip Unique
It is in principle relatively easy to modify the design of a
processor chip so that it incorporates a permutation unit that
permutes the machine code.
Each chip would have a unique permutation table in �ash
memory, and thus run a unique machine code.
A 256 element permutation table allows 256! di�erent possible
machine codes.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
How would you use it
A binary to binary translator can convert existing software to
run on a machine with the permuted instructionset provided you
know the instructionset.
An organisation wants to secure its machines maintains a
database mapping machine MAC address to its permutation
table.
It keeps the permutation tables and database secret.
It then installs tailored copies of the operating software onto
each machine.
This then creates 'species barriers' preventing the spread of
viruses or other malware to its machines.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Precautions
The chip used should be a public modi�cation of an open core
design to prevent manufacturers introducing security back-doors
that byepass the precautions.
It should be born in mind that some governments can exert
considerable in�uence on national companies to do this.
P. Cock-shott, WimVander-bauwhede
Motivation
Types ofcyber attack
A newdefencestrategy
Traditionalimunologicaldefence
Ecosystemdiversity
Permutedsystems
Summary
Summary
Virus penetration of machines becoming more signi�cant
with the entry of state actors.
Application of ecological principles can combat this.
Requires either tailored chips or tailored Virtual Machines
