Federal Cybersecurity R&D Forum

Focus Questions for this Section: How might the three themes be refined or enhanced to further improve cyberspace? What are the research, development, implementation and other challenges in achieving the goals under each theme?


Replies to This Discussion

First of all, let me congratulate NITRD Cyber Security for a nice forum user interface and for giving the public an opportunity to contribute to this very important research.

Almost every successful cyber attack exploits one or more flaws in a system's software. It follows that constructing bug-free software should be the main approach to creating secure cyber systems. Contrary to the conventional wisdom in the software industry (Fred Brooks et al), I believe that it is possible to develop bug-free software. The key is in the timing. The temporal signature of a deterministic software system is like a fingerprint. There is a way to use this fingerprint to thoroughly inspect the system's expectation space and eliminate all abnormalities. This will make the system impregnable to attacks. Unfortunately, time is not an inherent and fundamental part of our current programming models and therein lies the problem. Therefore, in order to create truly safe and impregnable software systems, we will have to adopt a radically different software model, one which is synchronous, parallel and reactive.

Read How to Construct 100% Bug-Free Software for more. Please don't let the irreverent style spook you.
I'm not positive I understand your meaning, but most machines that can be attacked are in essence Turing machines, which are well proven to be indeterminate. If they were the Decider type machines then impregnable software would be possible in the general case. They are not.
Since security cannot be achieved through invincible digital walls of perfect software, it has to be that if you are an entity (human or AI-bot) on the Internet, you must be traceable; there is no hope of weeding out those that do harm where there is no traceability.
There is a widespread belief in the business that computers are Turing machines but it is a fallacy. You may want to read the late Jeff Raskin's Computers Are Not Turing Machines (pdf). This is why normal computer programs are not subject to the halting problem.

The key to solving the software unreliability and the cyber security crises lies in the timing of operations at the instruction level. Unfortunately, timing is not an inherent part of our programming models. The entire computer industry will have to switch to a synchronous reactive software model sooner or later. There is no escaping this.

In addition to providing a method that can guarantee flawless applications, the use of timing can effectively render a software system impregnable to malicious attacks. The reason is that a sizable percentage of the temporal signature of a synchronous reactive program is fixed, i.e., deterministic. Malicious code will invariably break that signature; abnormal timing sensors can then sound an alarm and/or disable the culprit.

In my considered opinion, our infatuation with Turing machines is not doing us any good. A time will come soon when the Turing computing model will be blamed for almost everything that ails computer science. Turing's antiquated ideas on computing (it really started with Charles Babbage) are not helping to solve the crises I mentioned above. Otherwise you would not be reading this forum. The Turing computing model is the problem, not the solution. It is time that industry recognized this and moved on.

One man's opinion, of course.
I think you raise some interesting points for investigation and consideration, but I think there's a flaw in your fundamental premise that "flaws in a system's software" == bugs, so constructing bug-free software is not sufficient to secure systems.

A good example would be the recent "Escape from PDF" exploit, originally disclosed by Didier Stevens and subsequently exploited in the wild. As Didier described it, "I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability!" Essentially he showed that it was possible to abuse a feature intentionally implemented by the application developers to produce results they had not envisioned. Or perhaps he showed that the results they had intended to allow had implications they had not recognized. I'm not seeing how any of the suggestions will help to guard against misuse of intended features; it's like saying we can recognize that the bank account number is being used legitimately this time for online purchasing by the owner but abused next time for online purchasing on behalf of an unknown thief.
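The "Escape from PDF" case above is a feature-abuse problem, so the practical defence is to flag the feature, not a bug signature. The following is an added example, not Didier Stevens' PoC and not code from this forum: a small Python triage scanner that normalizes hex-escaped PDF names (a common evasion) and counts risky constructs such as Launch actions, open-time actions and embedded files. The two PDF byte strings are constructed here for illustration and are not real documents; the scanner is a keyword-level triage tool and does not parse object streams or compressed (FlateDecode) content, which a full analysis would need.

```python
import re

# Constructed sample (not a real file): a minimal PDF-like blob with an
# /OpenAction that points at a /Launch action, plus an embedded file stream.
PDF_WITH_LAUNCH = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /Launch /Win << /F (cmd.exe) /P (/c calc.exe) >> >> endobj
5 0 obj << /Type /EmbeddedFile /Length 4 >> stream
MZ..
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign sample: one page with a text content stream, no actions.
PDF_BENIGN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 11 >> stream
BT (hi) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF name objects may encode any byte as #xx, e.g. /Laun#63h for /Launch.
# Folding those escapes first keeps a trivial obfuscation from hiding a keyword.
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


# Name tokens worth counting during triage, with a short reason for the analyst.
INDICATORS = {
    b"/Launch": "Launch action: reader may run a program or open a file",
    b"/EmbeddedFile": "embedded file stream (possible payload carrier)",
    b"/OpenAction": "action that fires when the document is opened",
    b"/AA": "additional (event-triggered) actions",
    b"/JavaScript": "JavaScript action",
}


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for each indicator present after name normalization."""
    norm = normalize_names(data)
    hits = {}
    for key in INDICATORS:
        # Require a delimiter after the name so /AA does not match /AAx etc.
        pattern = re.escape(key) + rb"(?![A-Za-z0-9])"
        count = len(re.findall(pattern, norm))
        if count:
            hits[key.decode()] = count
    return hits


# Literal-string /F entry following a /Launch name; enough for the sample above,
# hex strings and indirect references are not handled (assumption of this example).
LAUNCH_FILE = re.compile(rb"/Launch.*?/F\s*\(([^)]*)\)", re.S)


def launch_targets(data: bytes) -> list:
    """Extract the file names a Launch action would hand to the OS."""
    return [m.decode("latin-1") for m in LAUNCH_FILE.findall(normalize_names(data))]


def verdict(data: bytes) -> str:
    """Coarse triage outcome: 'suspicious', 'review' or 'clean'."""
    hits = scan_pdf(data)
    if "/Launch" in hits or "/JavaScript" in hits:
        return "suspicious"
    if "/OpenAction" in hits or "/EmbeddedFile" in hits:
        return "review"
    return "clean"


if __name__ == "__main__":
    for label, blob in (("launch sample", PDF_WITH_LAUNCH), ("benign sample", PDF_BENIGN)):
        print(label, verdict(blob), scan_pdf(blob), launch_targets(blob))
```

The point the scanner makes is the one Bruce raises: nothing here is a vulnerability signature. A Launch action is a documented feature, so the only available control is policy, either refusing such documents at the gateway or running a reader configured to deny Launch actions.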
Bruce,

Thanks for the comment. If what you say is true, then there can never be any game changing innovation in cyber security, or software reliability for that matter.

That being said, I disagree with your assessment. I defend the thesis that it is indeed possible to guard against any kind of misuse of intended features. The only exception might be identity/password theft via coercion or other means and even that can be remedied to a large extent. There is a way to use a synchronous reactive software model and temporal behavior patterns to discover anything that can go wrong with a software system, even if the developers/designers overlook them. Of course, it's only a hypothesis but it is one that I am prepared to demonstrate, as soon as I can obtain enough funds to implement an actual system. That's always the sticky part.
Regarding the topic of "Cybersecurity Economic Incentives" I would like to offer suggestions for a research framework, research program(s), and a virtual organization approach to executing the research. Though this was written almost three years ago, I think most of it is still applicable. Of course, it's not the final word, and I hope it stimulates additional ideas, approaches, and debate.

6-page Executive Summary: http://meritology.com/resources/Incentive-based%20Cyber%20Trust%20-...

27-page full paper: http://meritology.com/resources/Incentive-based%20Cyber%20Trust%20I...

Slide presentation: http://meritology.com/resources/Towards%20Incentive-based%20Cyber%2...
Greetings Russell, I think that your ideas are certainly on the right track! Your discussion around the economic incentives is very much in keeping with approaches that are being advanced by the Administration and elsewhere. I would add that some of the challenges ahead include leveraging some of the best practices and approaches being advanced by others who are working to find solutions in this space (e.g. DHS ITSCC, ISA, and others) and defining some solid long-, mid- and short-term objectives that will help the community know when we are making progress. Thoughts?
The world already runs by incentive (the latest of their proposals) and by (minimal) penalties. A company would go bust if it did not move with market trends and quirks. Therefore they already have the incentive to keep up with their profits (free market) and what's happening in the world.

In today's world, only by tying the loss of revenue directly to software producers could you actually produce a feedback system that corrected the flaws in a timely, measurable way. Love to see you try and rewrite the constitution and free-market economy, though.

A quote from that document...
"The NSF Cyber Trust vision is for a world in which networked computer and communication systems are more predictable, more accountable, and less vulnerable to attack and abuse; developed, configured, operated and evaluated by a well-trained and diverse workforce; and used by a public educated in their secure and ethical operation."

My proposals have already solved these things, with no long-term talking about it, and all the pages of talk just serve to confuse people into thinking that if you define boundaries for a solution, one will be found that can be added on to a flawed system.

Wake up, dear: a flawed system cannot have a bounded solution retrofitted to it without actually changing the system. If you start the ball rolling and change the system to my proposed specs, your job is mostly done. Less talk, more action, I say. I have proposed several hardware/software changes to the world's computing structure, and here's one more: the OS would be designed appropriately such that the incentive of the software developer would be to create software that applies to a certain methodology (perhaps like my proposed theoretical computer-generated code language). If the software did not abide by my method, it wouldn't run on the system. You then solve the software issue straight away. Anyway...

But please come back in 20 years and congratulate people on their ideas...again.
I wrote this on another forum which pointed me to the real site, so I copied and pasted it for you.

Points 1 and 3 are moot.
Not sure why they are even proposing them really.

Now to point 2 the real meat and veg of their intelligence.

I like the idea.

Firstly, they need to remove third parties from actually being connected to the system while in that secure area, I'd say.

Second, you'd have to be able to authenticate every program that is and would be run in that space... Unbelievably wickedly hard task, that one... or not.
Is it achievable? Yes, but not with our current OS. You'd need a self-testing file system against another backup system that is untouchable... and pre-authenticated, of course.

The problem i see is the chicken and egg... If you make the space then attach to a server to authenticate files, your computer could be infected already. If you obtain a smartcard of the files and put it in your computer..your computer could still be infected and you think you were safe.

Two solutions exist. One is a bootable disc you acquire from the bank (only), signed and certified, that sets up this initial safe area that then authenticates the files. This one sucks balls, of course, and is about as reliable as getting it from your local Chinese embassy or Russian mafia, but it's not bad.
The second I'll keep to myself because it's much better and I thought of it 20 years ago.

Yes, it doesn't surprise me that the federal agencies are 20 years behind the times, but there you go.

Job done, point 2 achieved.

@ Louis Savain
I also like the comment about the synchronous timing programming method and fully understood what he was talking about straight away. Though systems are not capable at the moment, as he knows, like him I'm sure at some point it's possible to move to a framework along those lines. I'm not sure how far down that path computers could go, though, as I see lots of crazy self-authentication and different system/core issues.
Some random thoughts:

1. DARPA grand challenge competitions might be a good idea.

2. Graduate fellowships.

3. Add some topics that are focused on problems rather than technologies. Trust and moving target pretty much prescribe the approaches to be proposed.
There are areas where grand challenge-type approaches might work. Malicious insider detection would be one, and I think that general sort of bake-off approach has been used ("Here are data sets... please detect anomalous behavior").

One could also imagine defining a particular scenario, e.g., 48 uninterrupted hours of operation by some notional government entity, prosecuting some set of missions, and then have all and sundry attempt to compromise it, though that becomes greatly messy, if you want to have multiple approaches to defense, and then equally thoroughly expose them to attackers.

The NSF and now DHS are funding the DETER testbed (http://www.isi.edu/deter/) for various simulations, and then there's the National Cyber Range. A former employer, Skaion Corp. (www.skaion.com), would know more about the latter, which is in the classified sphere (DETER is not).
[Posted in general forum as well]
Has appropriate consideration been given to support from the public sector?

Citizens with an internet connection and a PC could opt to run a program from the federal government, a security vendor, or private corporation to serve as an enabler for the Moving Target infrastructure. This would provide a highly redundant infrastructure capable of resisting denial of service (and other) attacks, and dynamically detecting and adapting to attacks. By using public systems the high cost of deploying the virtual infrastructure over a large area would be dramatically reduced. It's not difficult to see how it would be beneficial to this goal, and also the potential pitfalls of such a platform. With the proper security considerations and implementation, this could provide an effective tool to change the game - serving primarily as a defensive system, but affording critical intelligence and offensive capabilities as well. This program, I believe, would generate high public interest and have rapid adoption, especially if there are incentives to enhance the security of the system on which it is installed.

© 2012   Created by NITRD Cyber Security.