Building Babel - Towards a Security System through Co-dependency and Diversity

atmire.migration.oldid: 3966
dc.contributor.advisor: Aycock, John Daniel
dc.contributor.author: de Castro, Daniel Medeiros Nunes
dc.contributor.committeemember: Williamson, Carey
dc.contributor.committeemember: Locasto, Michael
dc.contributor.committeemember: Far, Behrouz
dc.contributor.committeemember: Miller, James
dc.date.accessioned: 2015-12-24T17:09:08Z
dc.date.available: 2015-12-24T17:09:08Z
dc.date.issued: 2015-12-24
dc.date.submitted: 2015 [en]
dc.description.abstract: A common misconception in computer security is that a computer is able to evaluate whether or not it is compromised. However, if we consider a compromised system, the evaluation is not reliable, thus meaningless. By reducing the set of trusted software components to a minimum size, allowing feasible verification of security, and by having the evaluation of any other software happening physically apart from the computer in question, we could avoid contamination of the evaluation process. This research project called “Babel” consists of an innovative approach for computer security. We envision a system where, from the user’s viewpoint, everything seems exactly the same, but the computer is unable, by itself, to execute any installed software. Babel requires a third party to incrementally translate all or part of a program, thus allowing the program to be executed. We call this requirement for an external party “secure co-dependency”. Babel assumes that the computer and each program running on this computer speak a different language. We imagine these different languages as instructions for different processors, which can be implemented as virtual machines (VMs). The computer needs to communicate to an external interpreter to execute any program. This interpreter not only translates code instructions but it also performs security checks. Inspired by the idea of software diversity, we use different languages among processes to enforce co-dependency. Additionally, software diversity makes it harder for adversaries (malicious software or external attackers) to infect or disrupt program execution. Babel consists of two main, separate systems: a client with the operating system where users run their programs; and a server, responsible for translation and for security checks. Babel components consist basically of a flexible VM (where we can define different instruction sets and registers for each instance) and a communication module. On the server side, the main components of Babel are a translator (or interpreter), which initially provides a VM specification and later on translates the programs to that VM, and a security checker responsible for detecting malicious activity. This dissertation documents our experiences and successes developing a proof-of-concept of Babel. [en_US]
dc.identifier.citation: de Castro, D. M. (2015). Building Babel - Towards a Security System through Co-dependency and Diversity (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/25180 [en_US]
dc.identifier.doi: http://dx.doi.org/10.11575/PRISM/25180
dc.identifier.uri: http://hdl.handle.net/11023/2715
dc.language.iso: eng
dc.publisher.faculty: Graduate Studies
dc.publisher.institution: University of Calgary [en]
dc.publisher.place: Calgary [en]
dc.rights: University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.
dc.subject: Computer Science
dc.subject.classification: computer security [en_US]
dc.subject.classification: Diversity [en_US]
dc.subject.classification: co-dependency [en_US]
dc.subject.classification: polyglot [en_US]
dc.subject.classification: operating system [en_US]
dc.title: Building Babel - Towards a Security System through Co-dependency and Diversity
dc.type: doctoral thesis
thesis.degree.discipline: Computer Science
thesis.degree.grantor: University of Calgary
thesis.degree.name: Doctor of Philosophy (PhD)
ucalgary.item.requestcopy: true