Inspired by nature, researcher develops new cyber security techniques

May 13, 2014 by Kathryn Bold
UC Irvine computer science professor Michael Franz has devised a way to individualize software programs to help keep hackers from inflicting widespread damage. Credit: Steve Zylius/UC Irvine

(Phys.org) —Imagine a cyber world in which hackers, identity thieves, spammers, phishers, foreign spies and other miscreants have a much tougher time plying their trade. Thanks to UC Irvine computer science professor Michael Franz and his research group, such a world is closer to a reality.

Franz, director of UC Irvine's Secure Systems & Software Laboratory, is borrowing the idea of "biodiversity" from nature and applying it to the software that runs on digital devices from smartphones to supercomputers. His promising ideas have already won a U.S. patent and make it much harder for attackers (including those with the resources of a nation state) to compromise their targets.

A major player in government-funded digital defense, Franz has been awarded more than $11 million as a principal investigator for UC Irvine—including more than $7 million as sole principal investigator—from the Defense Advanced Research Projects Agency, the U.S. intelligence community, the Department of Homeland Security and other funding entities.

Here, he describes his revolutionary concept for thwarting cyber attacks:

Why is our cyber infrastructure so vulnerable to attacks?

Today, if hackers discover a weakness in one piece of software, they can take over all of the devices that run the software. Unfortunately, the same software—with the exact same bugs—runs on large numbers of digital devices. For example, the vast majority of smartphones use either Android or iOS, and most computers use Windows.

This makes it easy for attackers. They need to find just one way in, and it will work on lots of targets. They can create viruses that jump from computer to computer while exploiting the same path of entry on each of them. And it enables attackers to practice their attacks before they unleash them, because they can replicate the exact software environment that will later exist on the target.

What's the solution that you and your research group have developed?

Our solution is to make every software program unique, so that attackers have to find different attacks for different targets. It's inspired by biology—appropriately so, since biological viruses existed long before the term was applied to computers. The plague wiped out a third of humanity, but it didn't wipe out everyone because different people have different genetics.

Just as in biology, diversity is strength. Using this concept to diminish the effect of software errors, we have developed mechanisms that can potentially create a unique version of every program for every person in the universe. This won't eliminate hacking completely, but it will prevent widespread damage, dramatically increase the cost of attempting attacks and make it much more difficult to target a specific person or entity.

How does your work break new ground?

While using multiple versions of software is not new—fly-by-wire controls in airplanes and other high-assurance systems often use "n-version" programming, in which a small number of alternative implementations are built separately from scratch—it has never before been attempted on the scale or at the low price point delivered by our solution. In the traditional n-version approach, you basically multiply the development cost by the redundancy factor n.

In our approach, on the other hand, subtly different versions of the same software are created automatically "in the cloud," in a manner that is invisible to both the software developers and the end users. The magic of creating the different versions happens inside of the app store from which users download the software. When software is downloaded from our version of the app store, different users automatically get different, but functionally identical, versions.

We have a fully functioning prototype and a few institutions are already experimenting with it. Preliminary benchmarks suggest that the cost of our approach is surprisingly small—not zero, but so low that lots of people will want to be using this. Meanwhile, the cost of not using it keeps rising.
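An added illustration of the argument in this interview, not code from Franz's group or from the original article: a constructed toy register machine in which a hypothetical `diversify` function pads a program with no-ops chosen from a per-download seed. The article does not say which transformations the prototype applies, so no-op padding is an assumption; the point shown is that every variant computes the same result while the position of a given instruction differs from copy to copy.

```python
import random

# Constructed toy program (factorial of x) for a tiny register machine.
# Jump operands are instruction indices, i.e. the "addresses" of this VM.
BASE = [("SET", "acc", 1), ("JZ", "x", 5), ("MUL", "acc", "x"),
        ("DEC", "x"), ("JMP", 1), ("HALT",)]

def diversify(program, seed):
    """Hypothetical diversifier: 0-3 NOPs before each instruction, per seed."""
    rng = random.Random(seed)
    pads = [rng.randint(0, 3) for _ in program]
    new_index, pos = [], 0
    for pad in pads:
        pos += pad
        new_index.append(pos)   # where the original instruction lands
        pos += 1
    out = []
    for ins, pad in zip(program, pads):
        out.extend([("NOP",)] * pad)
        if ins[0] in ("JZ", "JMP"):          # relocate the jump target
            ins = ins[:-1] + (new_index[ins[-1]],)
        out.append(ins)
    return out

def run(program, x):
    """Execute a program and return the final value of acc."""
    regs, pc = {"x": x, "acc": 0}, 0
    while program[pc][0] != "HALT":
        op, *args = program[pc]
        pc += 1
        if op == "SET":
            regs[args[0]] = args[1]
        elif op == "MUL":
            regs[args[0]] *= regs[args[1]]
        elif op == "DEC":
            regs[args[0]] -= 1
        elif op == "JZ" and regs[args[0]] == 0:
            pc = args[1]
        elif op == "JMP":
            pc = args[0]
    return regs["acc"]

def offset_of(program, opcode):  # index of the first instruction with this opcode
    return next(i for i, ins in enumerate(program) if ins[0] == opcode)

if __name__ == "__main__":
    for seed in range(5):
        v = diversify(BASE, seed)
        print(seed, run(v, 5), offset_of(v, "MUL"), len(v))
```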
