Fred B. Schneider
Network Security Systems: Building a Better Defense
by Baaba Andam, student writer
With the current interconnection of network systems, such as the Internet, phones, power grids, and banking systems, security has become a major concern of organizations and individuals. Fred B. Schneider works to make these systems more trustworthy. Instead of building defenses against attacks that have already occurred, Schneider takes a pro-active stance, working to understand which classes of attacks, known and not yet discovered, various kinds of defenses repel. “If you want a system to be trustworthy you have to worry about failures and attacks,” notes Schneider.
“We already have plenty of experience dealing with failures. Resisting attacks, on the other hand, is not nearly as well understood.” Schneider rejects using “divide and conquer tactics” and dealing with failures and attacks separately. Instead, he is investigating a new scheme, called pro-active obfuscation, which solves both problems together.
“Pro-active” implies taking defensive actions before an attack is detected. “Obfuscation” involves reordering instructions and storage in programs. With multiple computers running differently-obfuscated programs, all the computers perform the same tasks but resist different kinds of attack. “The reason this works,” Schneider explains, “is that attackers normally exploit low-level implementation details in designing their attacks. So when computers in a network run identical programs it becomes easier to attack all of them in one fell swoop. We make it difficult for the same attack to succeed at the multiple replicas by in effect running different programs on the different machines. Obfuscation causes replicas to fail independently in case of an attack, just as physical separation of replicas means they will fail independently in the case of failures. So we create artificial independence, which protects the ensemble if not specific individual computers in the system.”
Having devised this pro-active obfuscation defense, Schneider has most recently been working on identifying the exact class of attacks it repels. “It seems to be quite powerful,” he says, “but only after we have a precise characterization will we know just how well it should work against attacks that have yet to be launched.”
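The independence argument behind pro-active obfuscation can be made concrete with a toy simulation. This is an added example, not code from Schneider or from the original article; the layout count, ensemble size, tolerance threshold, the attacker's one-exploit-per-epoch sweep and the per-epoch rebuild schedule are all assumptions of the model.

```python
import random

LAYOUTS = 16     # assumed number of distinct obfuscated layouts
REPLICAS = 4     # assumed ensemble size
TOLERATED = 1    # assumed: the ensemble survives while at most 1 replica is compromised

def compromised_epochs(epochs, diverse, proactive, seed=1):
    """Count epochs that end with more than TOLERATED replicas compromised.

    Toy model: an exploit works on a replica only if it was built for that
    replica's layout. The attacker sends one exploit per epoch to every
    replica, sweeping through the layouts in order.
    """
    rng = random.Random(seed)

    def build():
        # Diverse: each replica gets its own layout. Identical: one layout for all.
        if diverse:
            return [rng.randrange(LAYOUTS) for _ in range(REPLICAS)]
        return [rng.randrange(LAYOUTS)] * REPLICAS

    layouts = build()
    owned = [False] * REPLICAS
    bad = 0
    for epoch in range(epochs):
        if proactive:
            # Re-obfuscate and restart every replica on a schedule,
            # whether or not an attack has been noticed.
            layouts = build()
            owned = [False] * REPLICAS
        exploit = epoch % LAYOUTS
        for i in range(REPLICAS):
            if layouts[i] == exploit:
                owned[i] = True      # stays compromised until rebuilt
        if sum(owned) > TOLERATED:
            bad += 1
    return bad

if __name__ == "__main__":
    for diverse in (False, True):
        for proactive in (False, True):
            n = compromised_epochs(2000, diverse, proactive)
            print(f"diverse={diverse!s:5} proactive={proactive!s:5} "
                  f"ensemble compromised in {n} of 2000 epochs")
```

In this model, diversity without scheduled rebuilds only delays the attacker, because a sweep eventually matches every layout. Rebuilding identical replicas still lets one matching exploit take all of them at once, so only the combination keeps the ensemble's compromised epochs low.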