When unpredictability becomes a great way to defend cyberspace

cyber-security-protection

(Cyberwar.news) Cyber security has grown into the number one priority for governments and the private sector alike in the Digital Age, but actually defending cyberspace from hack attacks and malware insertion has proven much more difficult than many had expected.

As evidenced by a series of high-profile hacks, the U.S. government’s systems have proven especially vulnerable. In addition, the amount of secret data on weapons systems and vital infrastructure that has been breached is thought by many to be incalculable. Finally, hackers working on behalf of foreign powers have managed to penetrate uber-sensitive systems belonging to the energy industry, financial markets and the transportation sector.

But now, according to the University of Florida’s Herbert Wertheim College of Engineering, a new operating system under development known as “Chameleon” may change the way cybersecurity is conducted.

As reported by Homeland Security Newswire, the operating system is designed to create some unpredictability so that computers can more easily detect and defeat malware.

The site reported further:

In Chameleon, which is still in the conceptual phase, unknown programs that could be malware run in a special “unpredictable” environment, where the OS intentionally introduces some unpredictability to the way they operate.

“Even though it seems crazy to impact functionality, it can be very effective at countering attacks if it only impacts software that could be malicious,” Daniela Oliveira, a professor at the engineering school involved in the Chameleon project, said. “The malicious process thinks it’s in control, but it’s not.”

It works along these lines: Programs that you trust and are familiar with could be approved to run in a regular environment where they function normally, while malware that has been detected is sequestered in a third environment, called deceptive, the news site reported.

Instead of destroying it immediately, however, the Chameleon OS would permit the malicious processes to work in a phony environment, all the while collecting information and data that can ultimately be used to defeat it.

Oliveira’s inspiration for the system stems, in part, from an interest in military strategy.

“I’ve read a lot about warfare. Sun Tzu, Julius Caesar — they were successful because of the element of surprise. Cyberwarfare is the same,” she said, the newswire reported.

“Predictable computer systems make life too easy for attackers.”

Deception has been used before to defeat hacking. So-called “honeypot” tactics have been used to lure in unsuspecting cyber attackers so information about them could be gathered and analyzed.

The newswire noted further:

What sets Chameleon apart is inconsistent deception: Software that has been quarantined — or malware that bypasses standard detection systems — runs in an unfavorable environment until proven either benign or malicious.

Oliveira said the OS would be particularly useful for corporate systems, where mission-critical software is known about in advance.

See also:

Homeland Security Newswire

Cyberwar.news is part of the USA Features Media network of sites. For advertising opportunities, click here.