Skip to content

A Different Approach to System Security

I enjoy it when science fiction has something useful to say about computer security. Towards the end of Iain M. Banks’ Matter, there’s a big space battle and we find this passage:

“Compromised,” Hippinse told him. “Taken over by the other side. Persuaded by a sort of thought-infection.”

“Does that happen a lot, sir?”

“It happens.” Hippinse signed. “Not to Culture ships, as a rule; they write their own individual OS as they grow up, so it’s like every human in a population being slightly different, almost their own individual species despite appearances; bugs can’t spread. The Morthanveld like a degree more central control and predictability in their smart machines. That has its advantages too, but it’s still a potential weakness. This Iln machine seems to have exploited it.”

Monoculture is an obvious and serious danger. For example, about the 2003 Slammer/Sapphire worm:

Propagation speed was Sapphire’s novel feature: in the first minute, the infected population doubled in size every 8.5 (±1) seconds. The worm achieved its full scanning rate (over 55 million scans per second) after approximately three minutes, after which the rate of growth slowed down somewhat because significant portions of the network did not have enough bandwidth to allow it to operate unhindered. Most vulnerable machines were infected within 10-minutes of the worm’s release.

Imagine the damage a similar worm could do today, or in 20 or 100 years, if properly weaponized.

I know there are automated approaches to diversity (ASLR, randomized instruction sets, etc.) but I found “they write their own individual OS as they grow up” to be a very charming idea, perhaps in part because it is so wildly impractical today.

{ 9 } Comments

  1. Ben L. Titzer | December 15, 2011 at 6:44 pm | Permalink

    I often think the principal problem of this new age of software is not software reuse, but software over-reuse, of which the monoculture is a side-effect.

  2. regehr | December 15, 2011 at 8:31 pm | Permalink

    Ben, I like that idea. Maybe if programming wasn’t so painful we wouldn’t need to reuse so much. Hey, maybe this explains why I like Perl — easy to write, hard to reuse.

  3. Jeroen Mostert | December 16, 2011 at 3:30 am | Permalink

    So you see — security through obscurity *does* work. It’s just a different kind of obscurity we should be going for.

  4. Ben L. Titzer | December 16, 2011 at 12:17 pm | Permalink

    World saved by perl? A very unexpected outcome 😉

  5. regehr | December 16, 2011 at 1:05 pm | Permalink

    I know you don’t like Perl, Ben, but it actually would save the world.

    C would just segfault.

    C++ would give a three-page template error.

    Java would still be in the class loader.

    OCaml would inform us “This expression has type t but is here used with type t”

    But Perl would just save the fucking world, and probably in one line of random-looking crap.

  6. Jonathan Thornburg | December 18, 2011 at 11:49 am | Permalink

    Perl would certainly save the world, but by the time you add ‘use strict’ and ‘use World’ from CPAN it would be more like 5 lines… :)

    #!/usr/bin/perl -w
    use strict;
    use World qw(Save);
    my $w = World->new();

  7. ligne | December 19, 2011 at 10:16 am | Permalink

    “But Perl would just save the fucking world, and probably in one line of random-looking crap.”

    thanks. you just made this perl weenie smile.

  8. Ben L. Titzer | December 19, 2011 at 3:40 pm | Permalink

    Actually, I can see this happening. After the apocalypse, when the world is burning, a sole Linux machine boots, lacking all development tools except a perl interpreter. Frightening 😀

  9. Mathanas | December 20, 2011 at 1:16 am | Permalink

    I wish new, quality and long serving software were launched every day. Sometimes we are forced to re-use older software and thus negatively affecting our daily business routine. Above all, we are hoping for the best.