Building Babel - Towards a Security System through Co-dependency and Diversity
atmire.migration.oldid | 3966 | |
dc.contributor.advisor | Aycock, John Daniel | |
dc.contributor.author | de Castro, Daniel Medeiros Nunes | |
dc.contributor.committeemember | Williamson, Carey | |
dc.contributor.committeemember | Locasto, Michael | |
dc.contributor.committeemember | Far, Behrouz | |
dc.contributor.committeemember | Miller, James | |
dc.date.accessioned | 2015-12-24T17:09:08Z | |
dc.date.available | 2015-12-24T17:09:08Z | |
dc.date.issued | 2015-12-24 | |
dc.date.submitted | 2015 | en |
dc.description.abstract | A common misconception in computer security is that a computer is able to evaluate whether or not it is compromised. However, if we consider a compromised system, the evaluation is not reliable, thus meaningless. By reducing the set of trusted software components to a minimum size, allowing feasible verification of security, and by having the evaluation of any other software happening physically apart from the computer in question, we could avoid contamination of the evaluation process. This research project called “Babel” consists of an innovative approach for computer security. We envision a system where, from the user’s viewpoint, everything seems exactly the same, but the computer is unable, by itself, to execute any installed software. Babel requires a third party to incrementally translate all or part of a program, thus allowing the program to be executed. We call this requirement for an external party “secure co-dependency”. Babel assumes that the computer and each program running on this computer speak a different language. We imagine these different languages as instructions for different processors, which can be implemented as virtual machines (VMs). The computer needs to communicate to an external interpreter to execute any program. This interpreter not only translates code instructions but it also performs security checks. Inspired by the idea of software diversity, we use different languages among processes to enforce co-dependency. Additionally, software diversity makes it harder for adversaries (malicious software or external attackers) to infect or disrupt program execution. Babel consists of two main, separate systems: a client with the operating system where users run their programs; and a server, responsible for translation and for security checks. Babel components consist basically of a flexible VM (where we can define different instruction sets and registers for each instance) and a communication module. On the server side, the main components of Babel are a translator (or interpreter), which initially provides a VM specification and later on translates the programs to that VM, and a security checker responsible for detecting malicious activity. This dissertation documents our experiences and successes developing a proof-of-concept of Babel. | en_US |
dc.identifier.citation | de Castro, D. M. (2015). Building Babel - Towards a Security System through Co-dependency and Diversity (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/25180 | en_US |
dc.identifier.doi | http://dx.doi.org/10.11575/PRISM/25180 | |
dc.identifier.uri | http://hdl.handle.net/11023/2715 | |
dc.language.iso | eng | |
dc.publisher.faculty | Graduate Studies | |
dc.publisher.institution | University of Calgary | en |
dc.publisher.place | Calgary | en |
dc.rights | University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. | |
dc.subject | Computer Science | |
dc.subject.classification | computer security | en_US |
dc.subject.classification | Diversity | en_US |
dc.subject.classification | co-dependency | en_US |
dc.subject.classification | polyglot | en_US |
dc.subject.classification | operating system | en_US |
dc.title | Building Babel - Towards a Security System through Co-dependency and Diversity | |
dc.type | doctoral thesis | |
thesis.degree.discipline | Computer Science | |
thesis.degree.grantor | University of Calgary | |
thesis.degree.name | Doctor of Philosophy (PhD) | |
ucalgary.item.requestcopy | true |