Advice for secure computing: start over
Updated: 2012-11-11 08:04
By John Markoff (The New York Times)
Dr. Peter G. Neumann has spent years arguing that computing can be made safe only if it is completely rethought, beginning with a clean slate. Photo: Jim Wilson / The New York Times
MENLO PARK, California - Many people cite Albert Einstein's aphorism "Everything should be made as simple as possible, but no simpler." But few have had the opportunity to discuss the concept with the physicist over breakfast.
One of those is Peter G. Neumann, now an 80-year-old computer scientist at SRI International, a pioneering engineering research laboratory here.
As an applied-mathematics student at Harvard University, Dr. Neumann had a two-hour breakfast with Einstein on November 8, 1952. What he took away was a deeply held philosophy of design that has remained his governing principle of computing and computer security.
For many years, Dr. Neumann has been tirelessly pointing out that the computer industry has a penchant for repeating the mistakes of the past. A leading specialist in computer security, he predicted that the security flaws that have accompanied the pell-mell explosion of the computer and Internet industries would have disastrous consequences.
"His biggest contribution is to stress the 'systems' nature of the security and reliability problems," said Steven M. Bellovin, chief technology officer of the Federal Trade Commission. "That is, trouble occurs not because of one failure, but because of the way many different pieces interact."
Dr. Bellovin said that it was Dr. Neumann who gave him the insight that complex systems break in complex ways and that the increasing complexity of modern hardware and software has made it virtually impossible to identify the flaws and vulnerabilities in computer systems and ensure that they are secure.
The consequence is an epidemic of malware and rising concerns about cyberwarfare as a threat to global security.
Dr. Neumann is leading an effort to completely rethink how to make computers and networks secure, in a project financed by the Pentagon's Defense Advanced Research Projects Agency, or Darpa, with Robert N. Watson, a computer security researcher at Cambridge University's Computer Laboratory.
"Most of the folks who are responsible don't want to hear about complexity," Dr. Neumann said. "They are interested in quick and dirty solutions."
Today, computer security is a multibillion-dollar industry, though one of dubious competence. Dr. Neumann reasons that the only workable and complete solution to the computer security crisis is to study the past half century's research, pick out the best ideas and then build something new from the bottom up.
Richard A. Clarke, a former American counterterrorism czar, agrees Dr. Neumann's Clean Slate effort is essential.
"Sure, it would cost an enormous amount to rearchitect," Mr. Clarke said, "but let's start it and see if it works better and let the marketplace decide."
Dr. Neumann's program includes two related efforts: Crash, for Clean-Slate Design of Resilient Adaptive Secure Hosts; and MRC, for Mission-Oriented Resilient Clouds. The idea is to reconsider computing entirely, from the silicon wafers on which circuits are etched to the application programs run by users, as well as services that are placing more private and personal data in remote data centers.
To combat uniformity in software, designers are now pursuing a variety of approaches that make computer system resources moving targets. The Clean Slate project is creating software that constantly shape-shifts to elude would-be attackers.
That the Internet enables almost any computer in the world to connect directly to any other makes it possible for an attacker who identifies a single vulnerability to almost instantly compromise a vast number of systems.
But Dr. Neumann notes that biological systems have multiple immune systems - not only are there initial barriers, but a second system consisting of sentinels like T cells can detect and eliminate intruders and then remember them to provide protection in the future.
One design approach that Dr. Neumann's team is pursuing is known as a tagged architecture. In effect, each piece of data in the experimental system must carry an encryption code that ensures that it is one that the system trusts. If the data or program's papers are not in order, the computer won't process them.
For Dr. Neumann, a big frustration is seeing problems that were solved four decades ago still plaguing the computer world.
His conversation with Einstein was the start of a lifelong romance with both the beauty and the perils of complexity, something Einstein hinted at.
"What do you think of Johannes Brahms?" Dr. Neumann asked the physicist.
Einstein replied, "I believe Brahms was burning the midnight oil trying to be complicated."
The New York Times
(China Daily 11/11/2012 page11)