Home page logo

bugtraq logo Bugtraq mailing list archives

Re: To diversify and survive: the application of population biology concept into computer
From: Crispin Cowan <crispin () wirex com>
Date: Mon, 03 Feb 2003 13:49:35 -0800

Peter Huang wrote:

On January 25, 2003, the SQL Slammer worm (w2.SQLSlammer.worm), also known as Sapphire (F-Secure), w32.SQLexp.worm (Symantec), and Helkern (Kaspersky) fully exploited known vulnerabilities in Microsoft SQL 2000 servers and caused tremendous network jam around the world. In this article, the concept of population biology is proposed to apply to the computer programming. The concept is to diversify the same software functionality with a population of executables to avoid being eliminated or exploited by a virus or worm like SQL Slammer.

Read this paper to see the relative strenghts and weaknesses of the biodiversity defense:

   "The Cracker Patch Choice: An Analysis of Post Hoc Security
   Techniques".  Crispin Cowan, Heather Hinton, Calton Pu, and Jonathan
   Walpole.  Presented at the National Information Systems Security
   Conference (NISSC) <http://csrc.nist.gov/nissc/>, Baltimore MD,
   October 16-19 2000. PDF <http://wirex.com/%7Ecrispin/crackerpatch.pdf>.

The concept of biodiversity goes back many years. The first computer biodiversity paper I am familiar with is this, but there are undoubtedly earlier examples:

   "Self-Nonself Discrimination in a Computer (1994)"  (Make
   Corrections)  (44 citations)
   Stephanie Forrest Alan S. Perelson, Proceedings of the 1994 IEEE
   Symposium on Research in Security and Privacy.

The biodiversity defense relies heavily on analogies to proper biology. My counter-analogy is that yes, biodiversity works as a defense in nature, but not anywhere near as well as skin does. Organisms have skin, cells have membranes, and these organs do most of the work of keeping pathogens out of the organism. Computer systems (even with firewalls) have really crappy skin, if they have any at all. Investing in better skin will return greater results than biodiversity for a long time to come.

But the trouble with analogies is that analogies are like goldfish: sometimes they have nothing to do with the topic at hand :-) So without resorting to anlogies, the concrete argument against the biodiversity defense is that biodiversity induces incompatibility. For it to be an effective defense, the biodiversity has to impose *more* incompatibility on the attacker than it does on the defender. This is problematic, because while you know what artifacts the defender depends on, you do *not* know what artifacts the attacker is depending on, so you have to change every artifact you can think of that does not inconvenience the defender, and hope that works. Meanwhile, defenders are already feeling the pain of diversity (heterogeneous systems) and are rushing to *homogenize* their systems as much as possible, because the expense of biodiversity exceeds the benefits.

Not to say that biodiversity won't work, just that it is more expensive than you might like. On the other hand, very often for a given biodiversity technique (varying some artifact) there is an associated "restrictive" technique (controlling access to that same artifact) that will be more cost effective. So go ahead and explore biodiversity techniques, but don't forget to look around for associated restrictive techniques that might work better.


Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
                            Just say ".Nyet"

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]