I'm curious to hear what people think about the following rough idea for a
possible fundamentally different approach to computer security. Just as
biological viruses are a pretty good analogy for understanding how
computer viruses operate, the security system I envision would operate
roughly on the model of the animal immunological system.
The animal immunological system works roughly as follows. White B cells
in the blood constantly check everything they come across
indiscriminately, including all the body's native, proper organelles.
All the body's native, proper organelles (such as, e.g., the animal's
striated muscle tissue) have molecular markers on their surface called the
MHA (major histo-compatibility complex) that mark them as properly
belonging to---produced by or ingested in the appropriate fashion---that
particular animal. You can think of it as one key in a standard two-key
encryption scheme. The B cells carry the other key and challenge
everything they come across. If what they challenge can answer properly,
they move on to the next thing. If they can't answer the challenge
properly, then the B cell triggers an immune response based on the foreign
markers they found on the object that can't answer the challenge.
In the computer scheme, the analogue of the B cells would be some sort of
daemon that constantly checks all files found on the system. The MHA
would be some sort of encrypted tag unique to that machine (or at least to
that instance of an operating system or to a particular user) that is
automatically generated and attached or associated with every file
natively residing on or created or properly copied to that machine. This
would require perhaps a wrapper sort of system for every binary on the
machine that can produce or copy files, so that whenever a file is
produced or copied by a native binary the encrypted tag gets associated
with the newly produced file when the user enters the proper password.
The daemon would constantly run in the background checking every file it
finds for the proper encrypted tag. If it finds a file that doesn't have
that tag (e.g. a file put there by someone who doesn't know the proper
password), then it would make that file non-executable if it is
executable, kill any instance of it then running, and alert the user/admin
about the file.
This is just a very rough idea and needs some more thought, but what do
y'all think of the basic outline?
E
--
Erik Curiel
Sometime Web Engineer/Almost Philosopher
"sheepdog standing in the rain
bullfrog doing it again
some kind of happiness
is measured out in miles
what makes you think you're something special
when you smile
childlike no one understands
jack knife in your sweaty hands
some kind of innocence
is measured out in years
you don't know what it's like
to listen to your fears
you can talk to me
you-can-talk-to-me
you can talk to me
if you're lonely
you can talk to me"
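The post sketches three pieces: a per-machine secret that only someone with the password can use, a tag attached to every legitimately created file, and a daemon that walks the filesystem, flags anything lacking a valid tag and strips the execute bit from it. The block below is an added illustration of that outline and is not code from the original message or its author. It assumes a sidecar convention (`<file>.tag` next to each file) in place of the "associated with every file" mechanism the post leaves open, derives the key from the password with PBKDF2 plus a constructed per-machine salt, uses HMAC-SHA256 over file contents as the tag, and runs the scan over a constructed temporary directory containing a tagged native script, a tagged file modified after tagging, and an untagged executable "dropped" without the password. The post's "kill any instance of it then running" step is left out; only the non-executable and alert parts are shown.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical sidecar convention; a production design would use xattrs or a signed manifest.
TAG_SUFFIX = ".tag"
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def derive_key(password: str, machine_salt: bytes) -> bytes:
    """Password plus per-machine salt -> the secret behind the 'MHC marker'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), machine_salt, 200_000)


def compute_tag(path: Path, key: bytes) -> str:
    """HMAC-SHA256 over the file contents; cannot be forged without the key."""
    mac = hmac.new(key, digestmod="sha256")
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def tag_file(path: Path, key: bytes) -> None:
    """What the wrapper would do after a legitimate create/copy: attach the tag."""
    path.with_name(path.name + TAG_SUFFIX).write_text(compute_tag(path, key))


def check_file(path: Path, key: bytes) -> str:
    """The B-cell challenge: 'ok', 'untagged', or 'bad_tag' (content changed / wrong key)."""
    sidecar = path.with_name(path.name + TAG_SUFFIX)
    if not sidecar.exists():
        return "untagged"
    expected = sidecar.read_text().strip()
    if hmac.compare_digest(expected, compute_tag(path, key)):
        return "ok"
    return "bad_tag"


def is_executable(path: Path) -> bool:
    return bool(path.stat().st_mode & EXEC_BITS)


def scan(root: Path, key: bytes) -> dict:
    """One pass of the daemon: verdict per file; failing executables lose their exec bits."""
    verdicts = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.name.endswith(TAG_SUFFIX):
            continue
        verdict = check_file(path, key)
        if verdict != "ok" and is_executable(path):
            path.chmod(path.stat().st_mode & ~EXEC_BITS)  # "make that file non-executable"
            verdict += "+neutered"
        if verdict != "ok":
            print(f"ALERT: {path} -> {verdict}")  # the "alert the user/admin" step
        verdicts[str(path.relative_to(root))] = verdict
    return verdicts


def demo() -> dict:
    """Constructed scenario: one native file, one tampered file, one foreign executable."""
    key = derive_key("correct horse battery staple", b"constructed-machine-salt")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)

        native = root / "native.sh"            # created through the wrapper, then tagged
        native.write_text("#!/bin/sh\necho hello\n")
        native.chmod(0o755)
        tag_file(native, key)

        tampered = root / "tampered.txt"       # tagged, then altered afterwards
        tampered.write_text("original")
        tag_file(tampered, key)
        tampered.write_text("modified after tagging")

        foreign = root / "dropped.sh"          # placed without the password: no tag at all
        foreign.write_text("#!/bin/sh\necho intruder\n")
        foreign.chmod(0o755)

        verdicts = scan(root, key)
        return {"verdicts": verdicts, "dropped_still_executable": is_executable(foreign)}


if __name__ == "__main__":
    print(demo())
```

Two design points the scenario surfaces: a tag bound to file contents (rather than a static per-machine constant) also catches the "tampered.txt" case, which a plain presence check would miss, and because the tag depends on a key derived from the password, an intruder who can write files cannot mint valid sidecars for them. The scan is a point-in-time check; a real daemon would need a change-notification hook or a tight loop to match the "constantly checks" behaviour in the post.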