A Different Approach to System Security


I enjoy it when science fiction has something useful to say about computer security. Towards the end of Iain M. Banks’ Matter, there’s a big space battle and we find this passage:

“Compromised,” Hippinse told him. “Taken over by the other side. Persuaded by a sort of thought-infection.”

“Does that happen a lot, sir?”

“It happens.” Hippinse sighed. “Not to Culture ships, as a rule; they write their own individual OS as they grow up, so it’s like every human in a population being slightly different, almost their own individual species despite appearances; bugs can’t spread. The Morthanveld like a degree more central control and predictability in their smart machines. That has its advantages too, but it’s still a potential weakness. This Iln machine seems to have exploited it.”

Monoculture is an obvious and serious danger. For example, about the 2003 Slammer/Sapphire worm:

Propagation speed was Sapphire’s novel feature: in the first minute, the infected population doubled in size every 8.5 (±1) seconds. The worm achieved its full scanning rate (over 55 million scans per second) after approximately three minutes, after which the rate of growth slowed down somewhat because significant portions of the network did not have enough bandwidth to allow it to operate unhindered. Most vulnerable machines were infected within 10 minutes of the worm’s release.

Imagine the damage a similar worm could do today, or in 20 or 100 years, if properly weaponized.

I know there are automated approaches to diversity (ASLR, randomized instruction sets, etc.) but I found “they write their own individual OS as they grow up” to be a very charming idea, perhaps in part because it is so wildly impractical today.


9 responses to “A Different Approach to System Security”

  1. I often think the principal problem of this new age of software is not software reuse, but software over-reuse, of which the monoculture is a side-effect.

  2. Ben, I like that idea. Maybe if programming wasn’t so painful we wouldn’t need to reuse so much. Hey, maybe this explains why I like Perl — easy to write, hard to reuse.

  3. So you see — security through obscurity *does* work. It’s just a different kind of obscurity we should be going for.

  4. I know you don’t like Perl, Ben, but it actually would save the world.

    C would just segfault.

    C++ would give a three-page template error.

    Java would still be in the class loader.

    OCaml would inform us “This expression has type t but is here used with type t”

    But Perl would just save the fucking world, and probably in one line of random-looking crap.

  5. Perl would certainly save the world, but by the time you add ‘use strict’ and ‘use World’ from CPAN it would be more like 5 lines… 🙂

    #!/usr/bin/perl -w
    use strict;
    use World qw(Save);
    my $w = World->new();
    $w->save();

  6. “But Perl would just save the fucking world, and probably in one line of random-looking crap.”

    thanks. you just made this perl weenie smile.

  7. Actually, I can see this happening. After the apocalypse, when the world is burning, a sole Linux machine boots, lacking all development tools except a perl interpreter. Frightening 😀

  8. I wish new, quality and long-serving software were launched every day. Sometimes we are forced to re-use older software, thus negatively affecting our daily business routine. Above all, we are hoping for the best.