Frederick P. Brooks, Jr. Kenan Professor & Department Founder.


Slide 1: Frederick P. Brooks, Jr. Kenan Professor & Department Founder

Slide 2: Some Things that Computer Science can Learn from Nature
Mike Reiter, Lawrence M. Slifkin Distinguished Professor, Department of Computer Science, University of North Carolina at Chapel Hill

Slide 3: Natural Science and Computer "Science"
- Natural science: any of the sciences (e.g., physics, chemistry, or biology) that deal with matter, energy, and their interrelations and transformations
- In contrast, computer science is a "formal science"
  - Some have even argued that computer science is not a science at all
- Computer science derived primarily from math and engineering, not from the natural sciences
- Numerous qualitative differences have been suggested, mostly deriving from their objects of study

Slide 4: Computer Science [Mowry]
- Tools: Mathematical Reasoning; Computing (i.e., writing & running code)
- Used to improve: Computers; Everything else (e.g., Medicine, Entertainment, Business, Safety, Science, etc.)

Slide 5: Computer Science [Mowry]
- Tools: Mathematical Reasoning; Computing (i.e., writing & running code)
- Used to improve: Computers; Everything else (e.g., Medicine, Entertainment, Business, Safety, Science, etc.)
- Diagram labels added on this build: Systems, Theory, Applications

Slide 6: Computer Science [Mowry]
- Tools: Computing (i.e., writing & running code)
- Used to improve: Computers; Everything else (e.g., Medicine, Entertainment, Business, Safety, Science, etc.)

Slide 7: Computing Systems vs. Natural Systems
- "Natural systems are much more complex than computers."
- Just because we built computers doesn't mean we understand them

Slide 8: Computing Systems vs. Natural Systems
- "Natural systems adapt."
[Figure: attack sophistication (vertical axis) vs. intruder knowledge (horizontal axis), 1990 to 2004. Milestones labelled on the chart: packet spoofing, hijacking sessions, GUI intruder tools, automated probes/scans, widespread denial-of-service attacks, Internet social engineering attacks, techniques to analyze code for vulnerabilities without source code, executable code attacks (against browsers), automated widespread attacks, widespread attacks using NNTP to distribute attack, widespread attacks on DNS infrastructure, email propagation of malicious code, "stealth"/advanced scanning techniques, Windows-based remote controllable Trojans (Back Orifice), increase in wide-scale Trojan horse distribution, distributed attack tools, DDoS attacks, home users targeted, increase in worms, anti-forensic techniques, sophisticated command & control.]

Slide 9: Computing Systems vs. Natural Systems
[Figure: world map; source: http://www.caida.org]
- This is not a depiction of any biological phenomenon
- It's the geographic spread of the Sapphire worm 30 minutes after release

Slide 10: Can CS Learn from Nature? Modularity

Slide 11: Can CS Learn from Nature? Diversity

Slide 12: Can CS Learn from Nature? Redundancy

Slide 13: Modularity
- Decomposing a system into components separated by narrow interfaces at which access control is applied
  - Often separation is enforced by physical constraints
- Modularity -> least privilege (in my view)
  - Can be thought of as a method of damage containment

Slide 14: Modularity: Trusted Computing Base (TCB)
[Figure: two TCB diagrams over the same hardware (CPU, RAM, TPM, chipset, and DMA devices such as network, disk, USB, etc.). Left: the security-sensitive code S sits inside App 1 on top of the OS. Right: S sits on a small Shim, alongside the OS and its apps.]

Slide 15: Modularity: TPM Background
- The Trusted Platform Module (TPM) is a dedicated security chip
- It can provide an attestation to remote parties
  - Platform Configuration Registers (PCRs) summarize the computer's software state
  - PCR_Extend(N, V): PCR_N <- SHA-1(PCR_N || V)
  - TPM provides a signature over PCR values
- TPM spec v1.2 includes dynamic PCRs
  - Values can be reset without a reboot

Slide 16: Modularity: Late Launch Background
- Supported by new commodity CPUs
  - SVM for AMD
  - TXT (formerly LaGrande) for Intel
- Designed to launch a VMM without a reboot
  - Hardware-based protections ensure launch integrity
- New CPU instruction (SKINIT/SENTER) accepts a memory region as input and atomically:
  - Resets dynamic PCRs
  - Disables interrupts
  - Extends a measurement of the region into PCR 17
  - Begins executing at the start of the memory region

Slide 17: Modularity: The Flicker System [w/ McCune, Parno, Perrig, and Seshadri]
- Core technique
  - Pause the current execution environment
  - Execute security-sensitive code with hardware-enforced isolation
  - Resume the previous execution
- Extensions
  - Preserve state securely across invocations
  - Attest only to code execution and protection
  - Establish secure communication with remote parties

Slide 18: Modularity: Flicker Execution Flow
[Figure: the CPU is running the OS and an App; SKINIT resets the dynamic PCRs and starts the Shim with module S in RAM; the TPM's PCRs (holding K^-1, …, 000) record the module's measurement; Inputs flow into the module and Outputs flow out; the OS and App then resume.]

Slide 19: Modularity: Flicker Attestation
[Figure: the TPM's PCRs (K^-1, …, 000) accumulate measurements of the Shim, S, the Inputs and the Outputs.]

Slide 20: Modularity: Flicker Attestation
[Figure: a remote party asks "What code did you run?"; the answer is the TPM's signature, Sign(…) under K^-1, over the PCRs that measured the Shim, S, the Inputs and the Outputs.]
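The PCR extend rule, late-launch reset and "what code did you run?" check from slides 15 through 20, as an added example that is not code from the talk or from the Flicker project. It is a simplified model: SHA-1 PCRs as in TPM 1.2, a late launch modelled as "reset PCRs 17 to 22, then extend the measurement of the launched region into PCR 17", the signature over the PCRs omitted, and a verifier that recomputes the PCR 17 it expects from the shim, module, inputs and outputs it trusts; all byte strings in the test are constructed.

```python
import hashlib

PCR_LEN = 20                  # TPM 1.2 PCRs hold a 160-bit SHA-1 digest
DYNAMIC_PCRS = range(17, 23)  # the PCRs a late launch (SKINIT/SENTER) may reset


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class Tpm12:
    """Toy model of TPM 1.2 PCR semantics (constructed for illustration)."""

    def __init__(self):
        self.pcrs = {n: bytes(PCR_LEN) for n in range(24)}  # every PCR starts at 0^160

    def extend(self, n: int, v: bytes) -> bytes:
        # PCR_N <- SHA-1(PCR_N || V): a PCR can only be extended, never set,
        # so its value commits to every measurement fed in and to their order.
        assert len(v) == PCR_LEN
        self.pcrs[n] = sha1(self.pcrs[n] + v)
        return self.pcrs[n]

    def late_launch(self, region: bytes) -> bytes:
        # Simplified SKINIT/SENTER: reset the dynamic PCRs, then extend a
        # measurement of the launched region into PCR 17. Static PCRs (0-16)
        # keep whatever the boot chain already extended into them.
        for n in DYNAMIC_PCRS:
            self.pcrs[n] = bytes(PCR_LEN)
        return self.extend(17, sha1(region))


def flicker_session(tpm: Tpm12, shim: bytes, module: bytes,
                    inputs: bytes, outputs: bytes) -> bytes:
    # Flicker-style session (simplified): launch shim+module, extend the
    # inputs it consumed and the outputs it produced, and report PCR 17.
    tpm.late_launch(shim + module)
    tpm.extend(17, sha1(inputs))
    tpm.extend(17, sha1(outputs))
    return tpm.pcrs[17]


def expected_pcr17(shim: bytes, module: bytes, inputs: bytes, outputs: bytes) -> bytes:
    # What the remote party recomputes from code it trusts. A match means
    # exactly this shim, module, inputs and outputs were measured, in this
    # order; the TPM signature (omitted here) binds the value to a real TPM.
    pcr = bytes(PCR_LEN)
    for v in (sha1(shim + module), sha1(inputs), sha1(outputs)):
        pcr = sha1(pcr + v)
    return pcr


def verify(attested_pcr17: bytes, shim: bytes, module: bytes,
           inputs: bytes, outputs: bytes) -> bool:
    return attested_pcr17 == expected_pcr17(shim, module, inputs, outputs)
```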

Slide 21: Diversity
- Studied first in the reliability community
  - Goal: Promote failure independence between program versions
  - Manual variant creation by different teams does not necessarily provide fault independence [Knight & Leveson 1986, Littlewood et al. 1989]
- More recently studied in the security community
  - Goal: Increase the attacker's effort to compromise systems
  - Has been studied at the O/S level, operator/user interface, and others [Forrest et al. 1997, Deswarte et al. 1998, Bain et al. 2000, …]
- Still an active topic of investigation
  - Ex: "Diversity as a computer defense mechanism: A panel" at the New Security Paradigms Workshop (NSPW) 2005

Slide 22: Diversity: Behavioral Distance [w/ Gao & Song]
- "Behavioral distance" is a measurement of the extent to which the system calls indicate similar simultaneous behavior
  - A compromise of one variant causes divergence from the other variant
[Figure: two replicas, Apache Web Server and Abyss Web Server, one on Windows and one on Linux, each emitting a stream of system calls that are compared.]

Slide 23: Diversity: Behavioral Distance
- Diverse platform (Windows and Linux)
  - The same system call number in two sequences is not really the "same"
  - System calls may not have a one-to-one correspondence
  - System call sequences may have different lengths
- Diverse implementation (Apache and Abyss)
  - Difficult to map individual system calls between two sequences
- Experimented with two approaches
  - Evolutionary distance, originally proposed to evaluate whether two DNA sequences derive from a common ancestral sequence
  - Hidden Markov models

Slide 24: Diversity: Hidden Markov Models
[Figure: a three-state HMM with hidden states q1, q2, q3; transition and emission probabilities shown on the slide: 30%, 70%, 10%, 25%, 65%, 100%, 50%, 10%, 90%, 50%, 30%.]

Slide 25: Diversity: Hidden Markov Model for Behavioral Distance
[Figure: two aligned system-call sequences, with entries shown as "- -- 12 76 155768 274"; "-" represents a dummy symbol.]

Slide 26: Diversity: Elements of the Hidden Markov Model

  Element of the HMM    Meaning when applied to behavioral distance
  ------------------    -------------------------------------------
  Observable symbol     A pair of system calls (possibly one dummy symbol), one for each replica
  Hidden state          A task to be performed in processing a request
  State transition      Order in which tasks are performed in processing a request
  Symbol emission       System calls used to perform any individual task

- Once the HMM is trained, the probability that the HMM would have produced an observed sequence can be used to detect intrusions
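The HMM-based behavioral distance of slides 22 through 26, as an added example that is not the authors' code: the forward algorithm scores a sequence of (Linux call, Windows call) pairs, with "-" as the dummy symbol, against a small HMM whose hidden states are request-handling tasks, and a per-pair negative log-likelihood above a threshold flags divergence. All state names, call names, probabilities and the threshold are constructed, not trained values from the paper.

```python
import math

# Constructed toy HMM (not trained parameters). Hidden states are tasks in
# handling one request; observable symbols are (Linux call, Windows call)
# pairs, with "-" as the dummy symbol when one replica makes no matching call.
STATES = ("parse", "read_file", "send")
START = {"parse": 1.0, "read_file": 0.0, "send": 0.0}
TRANS = {
    "parse":     {"parse": 0.3, "read_file": 0.7, "send": 0.0},
    "read_file": {"parse": 0.0, "read_file": 0.5, "send": 0.5},
    "send":      {"parse": 0.0, "read_file": 0.1, "send": 0.9},
}
EMIT = {
    "parse":     {("read", "ReadFile"): 0.8, ("-", "ReadFile"): 0.2},
    "read_file": {("open", "CreateFile"): 0.5, ("read", "ReadFile"): 0.4,
                  ("close", "-"): 0.1},
    "send":      {("write", "WriteFile"): 0.9, ("close", "CloseHandle"): 0.1},
}
FLOOR = 1e-6  # probability given to a pair never seen in training


def forward_prob(pairs):
    """Forward algorithm: P(pairs | HMM), summed over all hidden task paths."""
    alpha = {s: START[s] * EMIT[s].get(pairs[0], FLOOR) for s in STATES}
    for o in pairs[1:]:
        alpha = {s: sum(alpha[p] * TRANS[p][s] for p in STATES) * EMIT[s].get(o, FLOOR)
                 for s in STATES}
    return sum(alpha.values())


def behavioral_distance(pairs):
    # Negative average log-likelihood per observed pair: larger means the two
    # replicas' call streams look less like one request handled in lockstep.
    return -math.log(forward_prob(pairs)) / len(pairs)


def is_anomalous(pairs, threshold=2.0):
    return behavioral_distance(pairs) > threshold


# Constructed observations. NORMAL: both replicas serve a static file.
# DIVERGENT: the Linux replica issues calls the Windows replica never mirrors,
# so the aligned stream contains pairs the model has no emission for.
NORMAL = [("read", "ReadFile"), ("open", "CreateFile"), ("read", "ReadFile"),
          ("write", "WriteFile"), ("write", "WriteFile"), ("close", "CloseHandle")]
DIVERGENT = [("read", "ReadFile"), ("open", "CreateFile"), ("execve", "-"),
             ("fork", "-"), ("write", "WriteFile"), ("close", "CloseHandle")]
```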

Slide 27: How Far Does the Analogy Go?
- These examples show how we can learn strategies for survival from natural systems
- I believe these examples are just a sample of what we can learn from nature about managing systems that we don't understand
  - Even if we built them ourselves!
- There's also plenty of room for doubt
  - Clearly nature has its failures (extinct species, global warming, …)
  - The tactics (implementations) are quite different
- But I hope I've encouraged you to think about computer science in the broader context of all sciences, and to look for new opportunities at their intersections

