Distributability
Lymphocytes in the immune system are able to determine locally the presence of an infection. No
central coordination takes place, which means there is no single point of failure. Thus, the
concept of distributed architecture should be emphasized.
Multi-layered
In the immune system, no one mechanism confers complete security. Rather, multiple layers of
different mechanisms are combined to provide high overall security. This too is not a new concept
in computer security, but it is important and should be emphasized in system design.
Diversity
By making systems diverse, security vulnerabilities in one system are less likely to be
widespread. There are two ways in which systems can be diverse: the protection systems can be
unique (as in the natural immune system) or the protected systems can be diversified.
Disposability
No single component of the human immune system is essential; that is, any cell can be replaced. The
immune system can manage this because cell death is balanced by cell production. Although we do
not currently have self-reproducing hardware, death and reproduction at the process/agent level
is certainly possible and would have some advantages if it could be controlled.
Autonomy
The immune system does not require outside management or maintenance; it autonomously classifies and
eliminates pathogens and it repairs itself by replacing damaged cells. Although we do not expect
(or necessarily want) such a degree of independence from our computers, as networks and CPU speeds
increase, and as the use of mobile code spreads, it will be increasingly important for computers
to manage most security problems automatically.
Adaptability
The immune system learns to detect new pathogens and retains the ability to recognize previously
seen pathogens through immune memory. A computer immune system should be similarly adaptable,
both learning to recognize new intrusions and remembering the signatures of previous attacks.
No secure layer
Any cell in the human body can be attacked by a pathogen, including those of the immune system itself.
However, because lymphocytes are also cells, lymphocytes can protect the body against other
compromised lymphocytes. In this way, mutual protection can stand in for a secure code base.
Dynamically changing coverage
The immune system makes a space/time trade-off in its detector set; it cannot maintain a set of
detectors (lymphocytes) large enough to cover the space of all pathogens, so instead at any time
it maintains a random sample of its detector repertoire, which circulates throughout the body.
This repertoire is constantly changing through cell death and reproduction.
Identity via behavior
In cryptography identity is proven through the use of a secret. The human immune system, in
contrast, does not depend on secrets; instead, identity is verified through the presentation of
protein fragments. Because proteins can be thought of as "the running code" of the body,
peptides serve as indicators of behavior. This can be implemented as short sequences of system
calls in a computer immune system.
Anomaly detection
The immune system has the ability to detect pathogens that it has never encountered before;
that is, it performs anomaly detection. This ability to detect intrusions or violations that are
not already known is an important feature of any security system.
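The system-call-sequence idea behind the "Identity via behavior" and "Anomaly detection" passages above, as an added Python example that is not part of the original text: it learns the set of short system-call windows (length k, the "self" profile) from traces of normal behavior and flags windows in a later trace that were never seen. All trace contents are constructed for illustration, not real captures.

```python
# Constructed sample traces (not real captures): two normal runs of a
# hypothetical service, and a later run whose middle deviates from them.
NORMAL_TRACES = [
    ["open", "read", "mmap", "mmap", "getrlimit", "mmap", "close"],
    ["open", "read", "mmap", "mmap", "getrlimit", "mmap", "close",
     "open", "read", "close"],
]
TEST_TRACE = ["open", "read", "mmap", "mmap", "execve", "getrlimit", "mmap", "close"]


def windows(trace, k):
    """Slide a window of length k over a trace and yield each window as a tuple."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_profile(traces, k=3):
    """Learn the 'self' set: every length-k window observed during normal operation.

    Like the immune system's notion of self, the profile is built only from
    what was seen, with no knowledge of specific attacks.
    """
    profile = set()
    for trace in traces:
        profile.update(windows(trace, k))
    return profile


def score_trace(trace, profile, k=3):
    """Compare a trace against the profile.

    Returns (anomalous_windows, mismatch_rate), where mismatch_rate is the
    fraction of windows absent from the profile. Windows never seen before are
    reported without any prior signature of the deviation, which is the
    anomaly-detection property the text describes.
    """
    seen = windows(trace, k)
    if not seen:
        return [], 0.0
    anomalous = [w for w in seen if w not in profile]
    return anomalous, len(anomalous) / len(seen)


def is_anomalous(trace, profile, k=3, threshold=0.2):
    """Raise an alarm when the mismatch rate exceeds a site-chosen threshold."""
    _, rate = score_trace(trace, profile, k)
    return rate > threshold


if __name__ == "__main__":
    profile = build_profile(NORMAL_TRACES)
    anomalous, rate = score_trace(TEST_TRACE, profile)
    print(f"mismatch rate {rate:.2f}; unseen windows: {anomalous}")
```

With a mismatch rate of 0.50 the constructed test trace is flagged, while either normal trace scores 0.0 against the same profile.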
Numbers game
The human immune system replicates detectors to deal with replicating pathogens. It must do so;
otherwise, the pathogens would quickly overwhelm any defense. Computers are subject to a similar
numbers game, through hackers freely trading exploit scripts on the Internet, through denial of
service attacks and through computer viruses. For example, the success of one hacker can quickly
lead to the compromise of thousands of hosts. Clearly the pathogens in the computer security world
are playing the numbers game.