Building Babel - Towards a Security System through Co-dependency and Diversity
Date
2015-12-24
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
A common misconception in computer security is that a computer is able to evaluate whether or not it is compromised. However, if we consider a compromised system, the evaluation is not reliable, thus meaningless. By reducing the set of trusted software components to a minimum size, allowing feasible verification of security, and by having the evaluation of any other software happening physically apart from the computer in question, we could avoid contamination of the evaluation process.
This research project called “Babel” consists of an innovative approach for computer
security. We envision a system where, from the user’s viewpoint, everything seems exactly
the same, but the computer is unable, by itself, to execute any installed software. Babel requires a third party to incrementally translate all or part of a program, thus allowing the program to be executed. We call this requirement for an external party “secure co-dependency”.
Babel assumes that the computer and each program running on this computer speak a different language. We imagine these different languages as instructions for different processors, which can be implemented as virtual machines (VMs). The computer needs to communicate to an external interpreter to execute any program. This interpreter not only translates code instructions but it also performs security checks. Inspired by the idea of software diversity, we use different languages among processes to enforce co-dependency. Additionally, software
diversity makes it harder for adversaries (malicious software or external attackers) to infect or disrupt program execution.
Babel consists of two main, separate systems: a client with the operating system where users run their programs; and a server, responsible for translation and for security checks. Babel components consist basically of a flexible VM (where we can define different instruction sets and registers for each instance) and a communication module. On the server side, the main components of Babel are a translator (or interpreter), which initially provides a VM specification and later on translates the programs to that VM, and a security checker responsible for detecting malicious activity.
This dissertation documents our experiences and successes developing a proof-of-concept of Babel.
Description
Keywords
Computer Science
Citation
de Castro, D. M. (2015). Building Babel - Towards a Security System through Co-dependency and Diversity (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/25180