Autonomic Computing and Computer Immunology: Keeping Security at the Forefront of the Technology Evolution

Sabre offers innovative solutions to address a clear and growing challenge to protect information systems and emerging technologies

Ubiquitous computing is a paradigm in which the processing of information is linked with each activity or object as encountered. It involves connecting electronic devices, including embedding microprocessors to communicate information. Devices that use ubiquitous computing have constant availability and are completely connected. The DON Computer Network Defense (CND) Roadmap demonstrates the ongoing nature of implementing CND to meet the range of computer network threats. In this information age and as the pervasiveness of computing continues to evolve and grow, it is imperative to employ methods that protect Internet accessible DON systems, applications, and associated data from compromise.

Sense of “Self”

As the ubiquity of computing and related technology increases, from a security perspective, it is important to emphasize the value of maintaining a strong sense of ‘self’ for each new technological advancement that takes place. While it is very difficult to predict with any degree of certainty how technology will actually evolve over the next 30 years, we will know how the related advanced technology products are designed and developed. Therefore, it is possible to protect those innovations during the system development life cycle; however, in order to do so, a drastic paradigm shift in technology development must occur – with the current emphasis on convenience instead of security. We propose a model based on Autonomic Computing and Computer Immunology to keep security at the forefront of the technology evolution. This model is designed to address key DON strategic priorities including: Training, Standards Development, Vulnerability Assessments, Computer Network Defense, Computer Network Exploitation and Attack. The application of our model will also mitigate the impact of a cyber-kill chain by inhibiting the exploitation and installation of malicious code on DON computer systems.

Autonomic computing is a self-managing computing model named after, and patterned on, the human body’s autonomic nervous system

An autonomic computing system would control the functioning of computer applications and systems without input from the user, in the same way that the autonomic nervous system regulates body systems without conscious input from the individual. The goal of autonomic computing is to create systems that run themselves, capable of high-level functioning while keeping the system’s complexity invisible to the user. Similarly, a Computer Immune System or Computer Immunology is a concept/field borrowed from the Human Immune System that protects human beings from dangerous foreign pathogens. There are several areas in which Immune System principles are currently being applied in a Cyber Security context: Host-Based Intrusion Detection, Network-Based Intrusion Detection, Distributed Change Detection, and Diversity to reduce Vulnerabilities.

Humans are often the weakest link in security due to a lack of awareness and training

Since humans will continue to be the primary consumers of new technology, it is imperative to take security “out of their hands” and rely on the self-protections that are built into new devices. Autonomic Computing (AC) addresses this “limitation” by providing self-protecting and self-healing mechanisms. Additionally, with a stable definition of self, recognizing new infection attacks on user owned devices is also possible. In the future, protection can be improved through a more preeminent focus on training the devices (not humans) to facilitate the self-protection process.

Standards Development should also evolve to be less focused on independent development of new technologies, but on the conjoined development of technology with Computer Immune System (CIS) and AC principles. The minimum requirements for each new computer system, network architecture, or application will be self-identifying properties. In today’s modern computer era, new applications (primarily in the mobile domain) are being developed at a rapid pace. For example, there are over 1.6 million apps for Android users and over 1.5 million apps for Apple users. With standards to govern the development of applications that are focused on AC and CIS principles, we will be poised to prevent, detect and subsequently eliminate any dangerous foreign activities or code implants.

Computer Network Defense (CND) is automatically built into the principles of both AC and CIS. The key to defending against threats targeting new technology is to ensure that new technology itself is profiled and the self-identifying characteristics determined. The current practice is to profile users of computer systems – not the systems themselves. This practice will not adapt with new technology, hence, has to change to be more system, application, and data centric. This changes the model of CND to be more proactive vs. reactive – as systems will always be monitoring for non-self-activities or malicious code being installed or transferred.
Vulnerabilities will be automatically detected with CIS’s ability to recognize new infections. As mentioned before, this ability hinges upon the system’s awareness of self. Once new vulnerabilities are identified, the self-healing properties will be applied and the system will be automatically patched. Current methods of assessing vulnerabilities are performed during post-technology development and periodically during its use. Manual scanning of critical software is not adequate to keep up with emerging threats and will continue to be an issue into the future.

AC and CISs can also govern Computer Network Exploitation and Attack principles. Similar to how an adversary infiltrates government networks and embeds code on a computer system for command and control, AC and CIS can be leveraged once an adversarial network is threatened via Computer Network Exploitation (CNE) and Computer Network Attack (CNA). AC and CIS will be used for a persistent presence on an adversarial system of interest.

Conclusion

The application of concepts from Autonomic Computing and Computer Immunology can provide a comprehensive approach for protection based on having an exemplary definition of self that evolves with the technology. Our proposed concepts can be applied to key strategic objectives for the Navy and Department of Defense at large.

Interested in Sabre Systems?

LEARN MORE

Sabre Systems, Inc.

Experience. Quality. Results.

SABRE

MARKETS

SABRE SOLUTIONS