CERT
ISW'97 site


Immunix: Survivability Through Specialization*

Crispin Cowan and Calton Pu
Department of Computer Science and Engineering
Oregon Graduate Institute of Science & Technology
(synthetix-request@cse.ogi.edu)

In large-scale systems such as the Internet, the means to exploit security flaws can be readily distributed, exposing a large number of systems to vulnerability. This problem is aggravated if system implementations are both fixed and widely distributed. For instance, the fact that sendmail 8.7.5 has a particular vulnerability [1] can be used by numerous intruders to attack many systems. These attacks have dire consequences, because many sites are running the same code, with the same flaws.

The main objective of the Immunix Project is to use the specialization techniques and toolkit developed in the Synthetix project [3] to improve the survivability of operating system (OS) kernels. The key idea is to use the specialization toolkit to generate a large number of correct variants of many OS modules, so that some of the variants will be resistant to new, previously unknown attacks. If there are a sufficient number of variant implementations, then no single attack will be able to break into all nodes.

Varying system implementation through specialization provides two important forms of defense against intrusion. First, permuting the system implementation makes it harder for intruders to exploit specific implementation flaws. Even if permutation just replaces one set of implementation flaws with another set of flaws, intruders cannot exploit these flaws if they do not know what flaws to look for.

Second, adaptation provides the opportunity to respond to attack. Services that are convenient, but vulnerable to attack, can be narrowed or closed. Services that previously trusted requests based on source identity can switch to demanding passwords. The general level of paranoia of the system can be dynamically adjusted to the perceived level of intrusion threat as reported by intrusion monitoring software.

The Synthetix project has previously focussed on building adaptive systems for performance [3], and for adaptive multimedia presentations [2]. In recent and future work, we will apply the Synthetix specialization methods to the problem of system survivability [4].
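
The diversity argument above can be made concrete with a small model. The following is an added example, not code from the paper or from the Synthetix/Immunix toolkit. It assumes (hypothetically) that each variant carries its own randomly drawn set of flaws and that nodes are spread evenly across variants, and it measures what fraction of nodes the single most widespread flaw exposes.

```python
import random
from collections import Counter

def build_variants(num_variants, flaws_per_variant, flaw_universe, rng):
    """Give each variant its own random set of flaw ids (constructed model).

    Every variant still has flaws; specialization only changes which ones.
    """
    return [frozenset(rng.sample(range(flaw_universe), flaws_per_variant))
            for _ in range(num_variants)]

def worst_case_exposure(num_nodes, variants):
    """Fraction of nodes sharing the single most widespread flaw."""
    exposed = Counter()
    for node in range(num_nodes):
        # Assumption: nodes are assigned round-robin, so variants are
        # evenly represented in the population.
        for flaw in variants[node % len(variants)]:
            exposed[flaw] += 1
    return max(exposed.values()) / num_nodes

def exposure_by_diversity(num_nodes=1200, flaws_per_variant=3,
                          flaw_universe=1000,
                          variant_counts=(1, 2, 5, 20, 50), seed=1997):
    """Map each variant count to the worst-case single-flaw exposure."""
    rng = random.Random(seed)  # fixed seed keeps the run repeatable
    results = {}
    for count in variant_counts:
        variants = build_variants(count, flaws_per_variant,
                                  flaw_universe, rng)
        results[count] = worst_case_exposure(num_nodes, variants)
    return results

if __name__ == "__main__":
    for count, exposure in exposure_by_diversity().items():
        print(f"{count:3d} variants: most widespread flaw is present on "
              f"{exposure:6.1%} of nodes")
```

With a single implementation every node shares every flaw; as the number of variants grows, the exposure to any one flaw approaches the share of nodes running a single variant, even though the total number of flaws in the population has gone up.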

Footnote:
* This research is partially supported by DARPA grants N00014-94-1-0845 and F19628-95-C-0193, NSF grant CCR-9224375, and grants from the Hewlett-Packard Company and Tektronix.

References

[1] CERT. Advisory CA-96.20: Sendmail Vulnerabilities. ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul.

[2] Crispin Cowan, Shanwei Cen, Jonathan Walpole, and Calton Pu. Adaptive Methods for Distributed Video Presentation. ACM Computing Surveys, 27(4):580-583, December 1995. Symposium on Multimedia.

[3] Calton Pu, Tito Autrey, Andrew Black, Charles Consel, Crispin Cowan, Jon Inouye, Lakshmi Kethana, Jonathan Walpole, and Ke Zhang. Optimistic Incremental Specialization: Streamlining a Commercial Operating System. In Symposium on Operating Systems Principles (SOSP), Copper Mountain, Colorado, December 1995.

[4] Calton Pu, Andrew Black, Crispin Cowan, and Jonathan Walpole. A specialization toolkit to increase the diversity of operating systems. In Proceedings of the 1996 ICMAS Workshop on Immunity-Based Systems, Nara, Japan, December 1996.


