Skip the navigation

Sidebar: Pentagon Seeks New Generation of Computer Security

An interview with DARPA program manager Lee Badger.

By Gary Anthes
December 22, 2003 12:00 PM ET

Computerworld - The U.S. Defense Advanced Research Projects Agency is evaluating a number of proposals from companies and universities to develop technology for its Self-Regenerative Systems (SRS) program.
In its request for proposals, DARPA explains the problem this way: "Network-centric warfare demands robust systems that can respond automatically and dynamically to both accidental and deliberate faults. Adaptation of fault-tolerant computing techniques has made computing and information systems intrusion-tolerant and much more survivable during cyber attacks, but even with these advancements, a system will inevitably exhaust all resources in the face of a sustained attack by a determined cyber adversary."
The military wants to address these deficiencies by creating a new generation of security and survivability technologies. The technologies will draw on biological processes and human cognition for inspiration. Says DARPA, "The overarching goals of the SRS program are to implement systems that always provide critical functionality and show a positive trend in reliability, actually exceeding initial operating capability and approaching a theoretical optimal performance level over long time intervals.
"Desired capabilities include self-optimization, self-diagnosis and self-healing," DARPA says. "It will be important for systems to support self-awareness and reflection in order to achieve these capabilities."
DARPA is looking for systems in which diversity limits the impact of any given vulnerability. Coarse-grained diversity -- for example, using several different operating systems or server software packages in an architecture -- has been used to achieve intrusion tolerance, DARPA says, but that approach was limited by the relatively small number of manually created interchangeable operating systems, server packages and similar software components. The technical approach of the SRS program is to achieve fine-grained diversity at the software module level and to automatically generate numerous diverse software versions.
Computerworld recently discussed the SRS program with DARPA program manager Lee Badger.
Do biological processes provide just nifty metaphors, or can security researchers really get practical ideas from them? The research we are going to fund will explore that. We can look at biological systems and attempt to emulate some of the strategies that they take in order to survive.
Can you give an example? Natural systems use a lot of diversity, so that the same cold that gets one of us doesn't get the other, we hope. In the current state of computing, there is not a whole lot of diversity because the economies of scale are such that it just makes so much more sense to generate many identical copies of a piece of software. So ... perhaps we could introduce diversity to avoid common known failures.
How might one introduce diversity? There are

Our Commenting Policies