On what I do
You may have seen this article on Peter G. Neumann: Killing the Computer to Save It. It was making the rounds a few weeks ago. (Note that you can read NYT articles without logging in if you turn on temporary cookies and then click the link.)
In case you were curious or maybe thought some of that sounded familiar, that is indeed the same DARPA grant that drew me to the US for this postdoc. I'm on CRASH or "Clean-Slate Design of Resilient Adaptive Secure Hosts." The article has a short mention of the stuff we're doing:
Clean Slate is financing research to explore how to design computer systems that are less vulnerable to computer intruders and recover more readily once security is breached.
Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.
“Nature abhors monocultures, and that’s exactly what we have in the computer world today,” said Dr. Shrobe. “Eighty percent are running the same operating system.”
Lessons From Biology
To combat uniformity in software, designers are now pursuing a variety of approaches that make computer system resources moving targets. Already some computer operating systems scramble internal addresses much the way a magician might perform the trick of hiding a pea in a shell. The Clean Slate project is taking that idea further, essentially creating software that constantly shape-shifts to elude would-be attackers.
That the Internet enables almost any computer in the world to connect directly to any other makes it possible for an attacker who identifies a single vulnerability to almost instantly compromise a vast number of systems.
But borrowing from another science, Dr. Neumann notes that biological systems have multiple immune systems — not only are there initial barriers, but a second system consisting of sentinels like T cells has the ability to detect and eliminate intruders and then remember them to provide protection in the future.
In contrast, today’s computer and network systems were largely designed with security as an afterthought, if at all.
That barely touches on all the cool stuff we're doing, since the article isn't exactly about our work at UNM & UVA, but it was pretty neat to see it in the news.