'Fabric' would tighten the weave of online security

Oct 01, 2010 By Bill Steele
Nodes (locations on a computer network) in Fabric pass around objects that contain data and program code, but the objects have built-in rules about what each node can do with them. The Fabric language requires programmers to include these rules and saves them the work of writing code to enforce them.

(PhysOrg.com) -- As we become increasingly dependent on computers to manage our lives and businesses, our money and privacy become less and less secure. But now, Cornell researchers offer a way to build security into computer systems from the start, by incorporating security in the language used to write the programs.

Until now, has been reactive, said Fred Schneider, the Samuel B. Eckert Professor of . When hackers discover a way in, we patch it. "Our defenses improve only after they have been successfully penetrated," he explained.

"When problems arise, we patch software like putting on duct tape," added collaborator Andrew Myers, professor of computer science. "By now we have layers of duct tape, and the system is a mess. ... Our computer systems are this tottering stack of obsolete [layers of software] ... and vulnerabilities are nearly inevitable."

Myers and Schneider are developing a new computer platform, dubbed "Fabric," that replaces multiple existing layers with a single, simpler that makes security reasoning explicit and direct, Myers said.

Fabric is designed to create secure systems for distributed computing, where many interconnected nodes -- not all of them necessarily trustworthy -- are involved, as in systems that move money around or maintain medical records. When you connect to Amazon, for example, it talks to your credit card company and the vendor of the product, passes your demographics to some advertisers and more. In a medical records system, data is shared between hospitals, doctors and other practitioners, laboratories, medical billing agencies and insurers.

Fabric's language, an extension of the widely used Java language, builds in security as the program is written. Everything in Fabric is an "object" labeled with a set of policies on how and by whom data can be accessed and what operations can be performed on it. Even blocks of program code have built-in policies about when and where they can be run.

While your medical record, for example, could be seen entirely by your doctor, your physical therapist might be able to see only the doctor's prescription for your therapy, and your insurance company could see only the charges.

The compiler that turns the programmer's code into an executable program enforces the security policies and will not allow the programmer to write insecure code, Myers said. Most of this, he added, is transparent to the programmer, who can simply set the policies and not have to write detailed code to enforce them. "I think we can make life simpler and improve performance," he said.
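The labeling idea described above can be modeled in a few lines. This is an added example, not Fabric code and not from the researchers: it checks policies at run time, whereas the article describes enforcement by the compiler. The reader-set label model, the names `Labeled`, `send`, `view` and `billing_note`, and the sample record are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Labeled:
    """A value that carries its own policy: the principals allowed to read it."""
    value: object
    readers: frozenset

    def combine(self, other, fn):
        # Derived data is at least as restricted as every input: only
        # principals allowed to read both inputs may read the result.
        return Labeled(fn(self.value, other.value), self.readers & other.readers)


class FlowError(Exception):
    """Raised when a transfer would violate an object's label."""


def send(obj, node):
    """Release obj to node only if the label names that node as a reader."""
    if node not in obj.readers:
        raise FlowError(f"{node} may not read this object")
    return obj.value


def view(record, node):
    """Return only the fields of a record that node is permitted to see."""
    return {k: v.value for k, v in record.items() if node in v.readers}


# Constructed sample record mirroring the article's medical example.
RECORD = {
    "diagnosis": Labeled("torn meniscus", frozenset({"doctor"})),
    "prescription": Labeled("6 weeks PT", frozenset({"doctor", "therapist"})),
    "charges": Labeled(1200, frozenset({"doctor", "insurer"})),
}


def billing_note(record):
    # Mixing prescription and charges: the result inherits both restrictions.
    return record["prescription"].combine(
        record["charges"], lambda p, c: f"{p}: ${c}")


if __name__ == "__main__":
    for node in ("doctor", "therapist", "insurer"):
        print(node, view(RECORD, node))
    note = billing_note(RECORD)
    print("note readers:", sorted(note.readers))
```

The point of `combine` is that a policy follows the data into anything computed from it: the billing note ends up readable by the doctor alone, so sending it to the insurer raises `FlowError` even though the insurer may read the charges on their own.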

Fabric is still a prototype, being tested on a database of Cornell computer science students. With $1.1 million from the National Science Foundation and $1.3 million from the Office of Naval Research, Schneider and Myers plan to scale it up for very large distributed systems, provide for more complex security restrictions on objects and enable "mobile code" -- programs that can reside on one node of a network and be run on another with assurance that they are safe and do what they claim to do. And perhaps most important (and perhaps hardest), they hope to provide formal mathematical proof that a system is really secure.

Will the computer establishment be willing to adopt this new way of managing complex systems? "How did we get people to use the Web?" Myers countered. "It's a paradigm shift. By making security policies part of the process of building software, we can make it much easier to build secure systems. That will drive adoption."

The name "Fabric," he noted, is meant to be reminiscent of "the Web," but "Fabric is more useful and more tightly connected than webs."


User comments : 6


Blicker
not rated yet Oct 01, 2010
But nothing about how it works. Perhaps someone here can understand the diagram but I can't.
Smellyhat
not rated yet Oct 01, 2010
Sounds like a bad idea, and/or an excuse to introduce DRM hardware to the PC.
Skeptic_Heretic
1 / 5 (1) Oct 01, 2010
This is similar to how the industry established the HL7 and ADT schemas for data interfaces. Basically this will be an update but rather than simply applying to external interfaces, it would work within a single system.
Quantum_Conundrum
not rated yet Oct 01, 2010
bloat, bloaT, bloAT, blOAT, bLOAT, BLOAT...
MorituriMax
1 / 5 (1) Oct 01, 2010
"Everything in Fabric is an "object" labeled with a set of policies on how and by whom data can be accessed and what operations can be performed on it. Even blocks of program code have built-in policies about when and where they can be run."

Great, so now all the hackers have to do is convince the objects that they CAN do other things which they are not allowed to do by the original programmers.... isn't that why they are called... hackers?
Quantum_Conundrum
not rated yet Oct 01, 2010
MorituriMax:

Not possible. The "Policies" are probably private and "static" members, which means that nothing can access the "policy" except other sub-routines contained in the same object, and probably none of those routines can change the "policy".