Frederick P. Brooks, Jr. Kenan Professor & Department Founder
Some Things that Computer Science can Learn from Nature
Mike Reiter
Lawrence M. Slifkin Distinguished Professor
Department of Computer Science
University of North Carolina at Chapel Hill

Natural Science and Computer “Science”
Natural science: any of the sciences (e.g., physics, chemistry, or biology) that deal with matter, energy, and their interrelations and transformations
In contrast, computer science is a “formal science”
  Some have even argued that computer science is not a science at all
Computer Science derived from math and engineering primarily, not from the natural sciences
Numerous qualitative differences have been suggested, mostly deriving from their objects of study

Computer Science [Mowry]
Tools:
  Mathematical Reasoning
  Computing (i.e. writing & running code)
Used to Improve:
  Computers
  Everything Else (e.g., Medicine, Entertainment, Business, Safety, Science, etc.)

Computer Science [Mowry]
Systems
Theory
Applications

Computer Science [Mowry]
Tools:
  Computing (i.e. writing & running code)
Used to Improve:
  Computers
  Everything Else (e.g., Medicine, Entertainment, Business, Safety, Science, etc.)

Computing Systems vs. Natural Systems
“Natural systems are much more complex than computers.”
  Just because we built computers doesn’t mean we understand them

Computing Systems vs. Natural Systems
“Natural systems adapt.”
[Figure: Attack Sophistication and Intruder Knowledge, 1990 to 2004. Attacks labelled in the figure:]
  email propagation of malicious code
  “stealth”/advanced scanning techniques
  widespread attacks using NNTP to distribute attack
  widespread attacks on DNS infrastructure
  executable code attacks (against browsers)
  automated widespread attacks
  GUI intruder tools
  hijacking sessions
  Internet social engineering attacks
  automated probes/scans
  widespread denial-of-service attacks
  techniques to analyze code for vulnerabilities without source code
  DDoS attacks
  increase in worms
  sophisticated command & control
  anti-forensic techniques
  home users targeted
  distributed attack tools
  increase in wide-scale Trojan horse distribution
  Windows-based remote controllable Trojans (Back Orifice)
  packet spoofing

Computing Systems vs. Natural Systems
Source: http://www.caida.org
This is not a depiction of any biological phenomenon
It’s the geographic spread of Sapphire worm 30 minutes after release

Can CS Learn from Nature?
Modularity
Diversity
Redundancy

Modularity
Decomposing a system into components separated by narrow interfaces at which access control is applied
  Often separation is enforced by physical constraints
Modularity least privilege (in my view)
  Can be thought of as a method of damage containment

Modularity:
Trusted Computing Base (TCB)
[Figure: two platform stacks. Both show CPU, RAM, TPM, Chipset; DMA Devices (Network, Disk, USB, etc.); OS; App 1 … App; and S. The second stack also shows a Shim.]

Modularity:
TPM Background
The Trusted Platform Module (TPM) is a dedicated security chip
It can provide an attestation to remote parties
  Platform Configuration Registers (PCRs) summarize the computer’s software state
    PCR_Extend(N, V): PCR_N ← SHA-1(PCR_N | V)
  TPM provides a signature over PCR values
TPM spec v1.2 includes dynamic PCRs
  Values can be reset without a reboot

Modularity:
Late Launch Background
Supported by new commodity CPUs
  SVM for AMD
  TXT (formerly LaGrande) for Intel
Designed to launch a VMM without a reboot
  Hardware-based protections ensure launch integrity
New CPU instruction (SKINIT/SENTER) accepts a memory region as input and atomically:
  Resets dynamic PCRs
  Disables interrupts
  Extends a measurement of the region into PCR 17
  Begins executing at the start of the memory region

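
The PCR_Extend rule and the late-launch reset described above, as an added example that is not code from the talk or from any TPM library. It models PCR 17 only and omits the TPM's signature over the value. Assumptions: dynamic PCRs read all-ones after a reboot and zero after the late-launch reset (TPM v1.2 behaviour), inputs and outputs are extended after the module, and all names and sample data are hypothetical.

```python
import hashlib
import hmac

PCR_LEN = 20                      # a TPM v1.2 PCR holds one SHA-1 digest
BOOT_VALUE = b"\xff" * PCR_LEN    # assumption (TPM v1.2): dynamic PCRs after a reboot
RESET_VALUE = b"\x00" * PCR_LEN   # dynamic PCRs after the late-launch reset

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, value: bytes) -> bytes:
    """PCR_N <- SHA-1(PCR_N | V)"""
    return sha1(pcr + value)

def platform_pcr17(region: bytes, events, late_launch: bool = True) -> bytes:
    """PCR 17 on the attesting machine after running `region` and logging `events`."""
    # Without SKINIT/SENTER, software can only extend whatever PCR 17 already holds.
    pcr = RESET_VALUE if late_launch else BOOT_VALUE
    for value in (region, *events):
        pcr = pcr_extend(pcr, sha1(value))
    return pcr

def verify(reported: bytes, trusted_region: bytes, expected_events) -> bool:
    """Verifier: replay the chain from the reset value and compare in constant time."""
    expected = pcr_extend(RESET_VALUE, sha1(trusted_region))
    for value in expected_events:
        expected = pcr_extend(expected, sha1(value))
    return hmac.compare_digest(reported, expected)

# Constructed sample data (hypothetical module, inputs and outputs).
MODULE, INPUTS, OUTPUTS = b"constructed module v1", b"constructed in", b"constructed out"

def check(region=MODULE, events=(INPUTS, OUTPUTS), late_launch=True) -> bool:
    """Build one platform history and report whether the verifier accepts it."""
    reported = platform_pcr17(region, events, late_launch)
    return verify(reported, MODULE, (INPUTS, OUTPUTS))

if __name__ == "__main__":
    print("honest late launch  ", check())
    print("patched module      ", check(region=MODULE + b"+patch"))
    print("no late launch      ", check(late_launch=False))
    print("events out of order ", check(events=(OUTPUTS, INPUTS)))
```

Only the history that starts from the reset value and extends the trusted module, then the expected inputs and outputs, in that order, reproduces the verifier's value.
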
Modularity:
The Flicker System [w/ McCune, Parno, Perrig, and Seshadri]
Core technique
  Pause current execution environment
  Execute security-sensitive code with hardware-enforced isolation
  Resume previous execution
Extensions
  Preserve state securely across invocations
  Attest only to code execution and protection
  Establish secure communication with remote parties

Modularity:
Flicker Execution Flow
[Figure: Flicker execution flow. Labels: TPM (PCRs, K⁻¹), CPU, RAM, OS, App, Module, Shim, S, Inputs, Outputs, SKINIT, Reset.]

Modularity:
Flicker Attestation
[Figure: Flicker attestation. Labels: TPM (PCRs, K⁻¹), Shim, S, Inputs, Outputs, “What code did you run?”, Sign( ), K⁻¹.]

Diversity
Studied first in the reliability community
  Goal: Promote failure independence between program versions
  Manual variant creation by different teams does not necessarily provide fault independence [Knight & Leveson 1986, Littlewood et al., 1989]
More recently studied in security community
  Goal: Increase attacker’s effort to compromise systems
  Has been studied at O/S level, operator/user interface, and others [Forrest et al. 1997, Deswarte et al. 1998; Bain et al. 2000 …]
Still an active topic of investigation
  Ex: “Diversity as a computer defense mechanism: A panel” at the New Security Paradigms Workshop (NSPW) 2005

Diversity:
Behavioral Distance [w/ Gao & Song]
“Behavioral distance” is a measurement of the extent to which the system calls indicate similar simultaneous behavior
  A compromise of one variant causes divergence from the other variant
[Figure labels: Apache Web Server, Windows, Linux, Abyss Web Server, System calls]

Diversity:
Behavioral Distance
Diverse Platform (Windows and Linux)
  Same system call number in two sequences are not really the “same”
  System calls may not have a one-to-one correspondence
  System call sequences may have different length
Diverse Implementation (Apache and Abyss)
  Difficult to map individual system calls between two sequences
Experimented with two approaches
  Evolutionary distance originally proposed to evaluate if two DNA sequences derive from a common ancestral sequence
  Hidden Markov models

Diversity:
Hidden Markov Models
[Figure: example hidden Markov model with states q1, q2, q3; edges labelled with Transition and Emission probabilities.]

Diversity:
Hidden Markov Model for Behavioral Distance
[Figure: HMM emitting pairs of system calls from two sequences; values shown: 12 7 6 and 155 76 8 274, with dummy symbols.]
“-” represents a dummy symbol

Diversity:
Elements of the Hidden Markov Model

| Elements of the HMM | Meanings when applied to behavioral distance |
| --- | --- |
| Observable Symbol | A pair of system calls (possibly one dummy symbol), one for each replica |
| Hidden State | A task to be performed in processing a request |
| State Transition | Order in which tasks are performed in processing a request |
| Symbol Emission | System calls used to perform any individual task |

Once the HMM is trained, the probability that the HMM would have produced an observed sequence can be used to detect intrusions
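
The scoring step described above, as an added example that is not the authors' implementation. It computes the probability that an HMM emitting system call pairs (with dummy symbols) produced two replicas' traces, summing over every way dummies could be placed. The two-state model, its hand-set probabilities, the traces and the threshold are constructed; a real model would be trained on benign traffic.

```python
from itertools import product

DUMMY = "-"
MOVES = ((1, 1), (1, 0), (0, 1))  # emit a pair, or one call beside a dummy

def pair_probability(hmm, seq_a, seq_b):
    """Pr[HMM emits seq_a and seq_b], summed over every placement of dummies."""
    pi, trans, emit = hmm["pi"], hmm["trans"], hmm["emit"]
    states = range(len(pi))
    n, m = len(seq_a), len(seq_b)
    # f[i][j][q]: probability of emitting seq_a[:i] and seq_b[:j], last symbol from q
    f = [[[0.0] * len(pi) for _ in range(m + 1)] for _ in range(n + 1)]
    for i, j in product(range(n + 1), range(m + 1)):
        for di, dj in MOVES:
            prev_i, prev_j = i - di, j - dj
            if prev_i < 0 or prev_j < 0:
                continue
            symbol = (seq_a[prev_i] if di else DUMMY, seq_b[prev_j] if dj else DUMMY)
            for q in states:
                if prev_i == 0 and prev_j == 0:
                    reach = pi[q]  # first symbol of the run
                else:
                    reach = sum(f[prev_i][prev_j][p] * trans[p][q] for p in states)
                f[i][j][q] += reach * emit[q].get(symbol, 0.0)
    return sum(f[n][m])

def is_anomalous(hmm, seq_a, seq_b, threshold):
    return pair_probability(hmm, seq_a, seq_b) < threshold

# Constructed toy model: state 0 = "open the file", state 1 = "serve its contents".
TOY_HMM = {
    "pi": [1.0, 0.0],
    "trans": [[0.1, 0.9], [0.0, 1.0]],
    "emit": [
        {("open", "NtCreateFile"): 0.90, ("open", DUMMY): 0.05, (DUMMY, "NtCreateFile"): 0.05},
        {("read", "NtReadFile"): 0.60, ("write", "NtWriteFile"): 0.30, ("read", DUMMY): 0.05,
         (DUMMY, "NtReadFile"): 0.049, ("execve", DUMMY): 0.001},
    ],
}
WINDOWS = ["NtCreateFile", "NtReadFile", "NtWriteFile"]  # constructed traces
LINUX_OK = ["open", "read", "write"]
LINUX_BAD = ["open", "read", "execve", "write"]  # one replica diverges

if __name__ == "__main__":
    for name, trace in (("benign", LINUX_OK), ("divergent", LINUX_BAD)):
        p = pair_probability(TOY_HMM, trace, WINDOWS)
        print(name, f"{p:.6f}", "ALERT" if is_anomalous(TOY_HMM, trace, WINDOWS, 0.01) else "ok")
```

The extra call on one replica has no likely partner on the other, so the joint probability drops by about three orders of magnitude and falls under the threshold.
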
How Far Does the Analogy Go?
These examples show how we can learn strategies for survival from natural systems
I believe these examples are just a sample of what we can learn from nature about managing systems that we don’t understand
  Even if we built them ourselves!
There’s also plenty of room for doubt
  Clearly nature has its failures (extinct species, global warming, …)
  The tactics (implementations) are quite different
But I hope I’ve encouraged you to think about computer science in the broader context of all sciences, and to look for new opportunities at their intersections