Sidebar: Pentagon Seeks New Generation of Computer Security
An interview with DARPA program manager Lee Badger.
Computerworld - The U.S. Defense Advanced Research Projects Agency is evaluating a number of proposals from companies and universities to develop technology for its Self-Regenerative Systems (SRS) program.
In its request for proposals, DARPA explains the problem this way: "Network-centric warfare demands robust systems that can respond automatically and dynamically to both accidental and deliberate faults. Adaptation of fault-tolerant computing techniques has made computing and information systems intrusion-tolerant and much more survivable during cyber attacks, but even with these advancements, a system will inevitably exhaust all resources in the face of a sustained attack by a determined cyber adversary."
The military wants to address these deficiencies by creating a new generation of security and survivability technologies. The technologies will draw on biological processes and human cognition for inspiration. Says DARPA, "The overarching goals of the SRS program are to implement systems that always provide critical functionality and show a positive trend in reliability, actually exceeding initial operating capability and approaching a theoretical optimal performance level over long time intervals.
"Desired capabilities include self-optimization, self-diagnosis and self-healing," DARPA says. "It will be important for systems to support self-awareness and reflection in order to achieve these capabilities."
DARPA is looking for systems in which diversity limits the impact of any given vulnerability. Coarse-grained diversity -- for example, using several different operating systems or server software packages in an architecture -- has been used to achieve intrusion tolerance, DARPA says, but that approach was limited by the relatively small number of manually created interchangeable operating systems, server packages and similar software components. The technical approach of the SRS program is to achieve fine-grained diversity at the software module level and to automatically generate numerous diverse software versions.
Computerworld recently discussed the SRS program with DARPA program manager Lee Badger.
Do biological processes provide just nifty metaphors, or can security researchers really get practical ideas from them? The research we are going to fund will explore that. We can look at biological systems and attempt to emulate some of the strategies that they take in order to survive.
Can you give an example? Natural systems use a lot of diversity, so that the same cold that gets one of us doesn't get the other, we hope. In the current state of computing, there is not a whole lot of diversity because the economies of scale are such that it just makes so much more sense to generate many identical copies of a piece of software. So ... perhaps we could introduce diversity to avoid common known failures.
How might one introduce diversity? There are