Present and Future Landscape of Attack Tolerant Information Systems
November 16, 2015
Cybersecurity is difficult to achieve because the current environment favors offensive rather than defensive cyber operations. Because the balance favors offense, it is currently very cheap to do cyber attacks while simultaneously expensive to defend against them. Formal correctness is a part of the security paradigm of security by correctness which when done properly can increase the resource costs for a successful attack.
In this article I will give an overview of the state of the art defensive methods of cybersecurity based around the security by correctness paradigm, I will introduce the concept of attack tolerant information systems, and will look to the future to discuss possible new methods of creating attack tolerant information systems based on blockchains as a means of achieving these ends.
Correct by construction
Correct by construction takes an engineer’s approach to software development. Code is formally specified, allowing for formal verification of the intended behavior.
Security through diversity
Synthetic diversity is a relatively new method for obscuring the attack surface through randomization of components within an information system. Typically attacks rely on the fact that there are commonalities between different components. Computers for instance may all be running the same version of the same operating system which makes it easier for the attacker to conduct one attack which compromises many systems. The result of this is that there is very little cyber defense in information systems while the offensive side maintains the momentum.
Synthetic diversity can help limit the amount of damage an attacker causes, having a similar effect as if a different unique password were chosen for every device; only in this case the diversity is on a more fundamental level. Synthetic code diversity is described:
“We introduce diversity at all levels of the formal code development (synthesis) process starting at a very high level of abstraction. For example, in the TwoThirds protocol, we can use different functions f, alter the means of collecting Msg i, synthesize variants of the protocol, alter the data types, etc. We are able to create multiple provably correct versions of protocols at each level of development” (Van Reneese., et al 2011).
Intelligent software immune systems
Intelligent software immune systems represent a new paradigm of biomemetic cybersecurity. In living systems we see that diversity, camouflage, and immune systems all work to increase the survivability of the host. Evolution itself through the Darwinian process generates solutions to many different problems including an elegant solution to attacks which we call the immune system. This solution can be replicated in software and while this kind of software is still in it’s practical infancy it is a much better theoretical solution than the solutions currently deployed.
In a secure distributed information system it may make sense to implement this approach where economically feasible. The intelligent software immune system approach could be desirable in a blockchain computer which is described as a blockchain with distributed storage, bandwidth, and computation functionalities. In a blockchain computer each intelligent component in the secure distributed information system could check one another, using the blockchain as a shared ledger or source of truth.
The CRASH program
The CRASH (Clean Slate Design of Resilient Adaptive Hosts) is a program for DARPA in collaboration with Cornell University’s Computer Science deptartment. In particular, part of their goal was to explore the concept and produce software immunity.
To accomplish this goal the team built and utilized correct-by-construction concurrent systems. This is based upon the security by code correctness paradigm of cybersecurity which makes use of formal specification and verification, fully functional programming languages, computer assisted reasoners, and proof assistants.
Tauchain is a project in development to create a decidable Turing incomplete platform capable of providing the peer to peer networking capabilities associated with blockchain technology and much more. It is unique in that it will adopt some of the same paradigm shifting techniques as the CRASH program and even goes far beyond it in scope.
It will utilize dependently typed fully functional programming languages based on the work of Martin-Löf, and contain a built-in reasoner. It will also have the ability to allow hosts to rent computation buyers through a Tauchain “context” (a Tauchain built in feature) called Agora which is a decentralized market. Computers that take part in the computation rental market will be paid in Agora tokens, but this same incentive structure could be used for storage, hiring programmers, and perhaps bandwidth.
Attack tolerant blockchains may be coming in the near future
“We believe that the more code variants we can produce, the more resistant systems are to attack. We
have found ways to automatically produce many provably equivalent variants of components using formal synthesis.” (Van Reneese., et al 2011).
In the near future we may see the principles and knowledge acquired from the development of attack tolerant systems exported to blockchain-based architectures. This would potentially provide more security benefits, as well as practical benefits. Whether this happens or not depends on the success or failure of certain projects such as Tauchain and on the desire of developers to build it out, but it appears to be theoretically possible.
Distributed applications which run on distributed blockchain infrastructures could have code variation for diversity, be modular enough so that the multiple provably equivalent variant components can be automatically switched in and out during an incident, and include multiple implementations of the protocols.
The benefits of blockchain technology are just being discovered, but some of these benefits include data preservation as highlighted by Microsoft Research (Permacoin) (Miller., et al 2014), and because data isn’t stored in any one place such as in the client server, and because it’s stored distributed in encrypted spread across many hosts, this provides improvements to confidentiality and immunity in the era of data breaches like the recent Ashley Madison breach.
Additionally availability and integrity are improved on blockchain infrastructure because every piece of information can be hashed on the blockchain even if it is stored off the blockchain. Also, redundancy can be assured since off-chain computers join in to host the data.
Incident response planning could be dramatically simplified in this context. The applications themselves along with the data and business logic could be distributed in the decentralized cloud, while the front end can be maintained by the business. In the situation where there is an incident such as distributed denial of service attack, it is very unlikely there would be a data breach, and the network could have self healing properties. This provides a new secure foundation for businesses and represents a new paradigm for cybersecurity.
About the Guest Author
Dana Edwards is is a technological visionary, an information security expert and a
social futurist. Born and raised in Boston Massachusetts, he
obtained a Bachelors degree in ethics, social & political philosophy
from UMass, a Masters degree in Cybersecurity from UMUC, and is CompTIA
He has been fascinated by and continuously studied computer
technology and information security since 1997 when he received his
first computer. As a student, teacher and problem solver, he wishes to
share some of his knowledge with the world, and to inspire, conduct, and
promote innovative experiments in cybersecurity.
Asor, O. (2015). About Tau-Chain. arXiv preprint arXiv:1502.04120.
Mazurczyk, W., Drobniak, S., & Moore, S. (2015). Towards a Systematic View on Cybersecurity Ecology. arXiv preprint arXiv:1505.04207.
Miller, A., Hicks, M., Katz, J., & Shi, E. Authenticated Data Structures, Generically.
Miller, A., Juels, A., Shi, E., Parno, B., & Katz, J. (2014, May). Permacoin: Repurposing bitcoin work for data preservation. In Security and Privacy (SP), 2014 IEEE Symposium on (pp. 475-490). IEEE.
Miller, A., & LaViola Jr, J. J. (2014). Anonymous byzantine consensus from moderately-hard puzzles: A model for bitcoin. Retrieved from Anonymous Byzantine Consensus from Moderately-Hard Puzzles: A Model for Bitcoin.
Van Renesse, R., Bickford, M., & Constable, R. (2011). Investigating correct-by-construction attack-tolerant systems.