Unpredictability as a Cyber Defense

Thursday, January 21, 2016 @ 05:01 PM gHale

Sometimes systems running with regularity are too easy for malware to jump in, so what happens when the system shows a sense of disarray?

That is exactly what Daniela Oliveira, a professor in the University of Florida Herbert Wertheim College of Engineering, is thinking of when she says unpredictability could help outsmart malware.

DHS Works Toward Secure Future
Test Bed for Grid Security
New Path for Secure Communications
Automating Big Data Analysis

That’s the logic behind Chameleon, the operating system she’s developing with colleagues at UF, Stony Brook University and the University of California, Davis.

Chameleon, which is still at the conceptual phase, runs unknown programs that could be malware in a special “unpredictable” environment, where the OS intentionally introduces some unpredictability to the way they operate.

“Even though it seems crazy to impact functionality, it can be very effective at countering attacks if it only impacts software that could be malicious,” Oliveira said. “The malicious process thinks it’s in control, but it’s not.”

Programs you know and trust could run in a standard environment where they’ll function normally, while detected malware end up sequestered in a third environment, called deceptive. Instead of squashing them immediately, Chameleon would let the malicious processes continue to work in a façade environment while collecting information it could use to understand and defeat them.

Oliveira’s inspiration came in part from her interest in military strategy.

“I’ve read a lot about warfare. Sun Tzu, Julius Caesar – they were successful because of the element of surprise. Cyberwarfare is the same,” she said.

Deception has seen use against cyber attacks before, mostly in “honeypot” strategies that lure attackers in to gather information. But those deceptions typically end up quickly revealed, Oliveira said, which limits their effectiveness. What sets Chameleon apart is inconsistent deception: Quarantined software – or malware that bypasses standard detection systems – runs in an unfavorable environment until proven either benign or malicious.

An operating system like Chameleon would be great for a corporate environment, where users know the mission-critical software in advance, Oliveira said. That’s good news not just for corporations, but also for those of us who entrust our sensitive data to them.

“Predictable computer systems make life too easy for attackers,” she said.