A NEW FORM OF IT SECURITY
by BERNARD A HODSON
Not that many years ago a couple of people working in a garage produced an operating system called DOS. Their first product was atrocious but, with sponsorship from IBM the little seed grew into a tree which rivalled its initial sponsor. The same thing happened with a piece of software originally developed for a boxtop, it grew to worldwide prominence as Java. What I describe today could develop in the same way, given the type of support that created the Microsoft and Java phenomena, and it is a development sorely needed by the IT industry, particularly in the security arena.
We have recently had a spate of software problems with several banks, resulting in disruptions to customer accounts. In addition several banks have been plagued with spurious requests to users of the Internet to supposedly confirm account numbers, resulting in potential identity loss to those foolish enough to respond.
Some recent figures suggest that the current cost to the IT industry with spam alone is over $46B annually. Add to that the horrendous fiscal and social cost of viruses, worms, identity thefts and potential national security issues, and the incentive for change exists. Such a change in philosophy and the way we do things is long overdue.
The industry response so far has been to develop a patchwork quilt of ineffective remedies which are confusing to the user, essentially stopgap measures, which often do not alleviate the problem. They may temporarily reduce the risks but are then often bypassed by criminal hackers bent on disruption and chaos.
The security problems referred to are almost all caused by the ability of the perpetrators to introduce code into a target system often, but not always, through poorly designed (from a security viewpoint) operating and run systems. Is it possible to prevent this happening? With current software ideas I do not think so, the problem is likely to get worse. The solution involves a major rethinking of the entire concept of application software and operating systems, such as described in this article. The potential benefits are enormous, not just in the billions of dollars referred to but also in the intangible terms of personal and national security.
An examination of operating systems and application software shows that there are only a small number of common modules involved, primarily for data moves and arithmetic operations. If these could be standardised then a completely different software strategy could be developed to eliminate viruses, worms and hackers. A preliminary architecture for such a system can be found on the not yet fully developed web site genetix.ca under the heading 'Unpublished Papers' with the paper title A New Kind of Computing. This is not a theoretical concept but has actually been demonstrated in a number of contexts as quite workable.
The architecture described in the paper shows how a numeric code structure for applications can be developed which runs with a very small set of computer instructions, this being the only conventional software needed for all activity, the rest of the application being a string of numerics. For smart card microcontrollers this conventional set of instructions is about 2k bytes, somewhat more, but not significantly more, for embedded microchips and conventional microcomputers, which have more functionality. The concept has been shown to work in a variety of situations and is one of four technologies recommended to the US Army for consideration in terms of technology to be worn by soldiers in the latter part of this decade, in a report by the Oakridge National Laboratories. How does this approach work?
The structure is made up of four parts:
- a simple 'systems oriented language';
- a basic language structure for each command;
- an internal element structure, each module being independent of almost all others;
- a small virtual processor(VMP) run system.
The systems oriented language will be in the public domain and is translatable by any computer into a string of bytes. Each command of the language is not unique and can be in any ethnic language desired, as well as being definable in the jargon of specific disciplines. Each command is converted to a single byte, as is each variable used in the command lines of the application. This leads to a very compact byte structure, significantly smaller than Java and other systems oriented languages. The string of bytes is then presented to the VMP for processing. The translation could also be done manually, if desired, keying the relatively few byte codes needed for an application.
For the basic language structure the command is associated in the system with a small set of numeric codes which identify the internal elements needed to process the commands This is usually quite small, of the order of one two dozen bytes.
The VMP consists of a small number of basic modules. Depending on the functionality desired there are between ten and twenty small modules, the largest being the routines that handle floating point arithmetic. The VMP will be even smaller if the chip being used has built in floating point. Each module is given a unique number and are mainly a variety of data moves along with arithmetic processes. Two additional small routines identify, from the numeric codes of the internal numeric modules the VMP routine needed and the needed parameters for the command being processed.
The VMP is of constant size and nothing changes its internal structure. No additional code can be introduced, making it virus and worm proof. The approach includes an ability to be its own operating system. This will eventually dispense with Windows and other massive operating systems, but is immediately applicable to applications using chips for smart cards and embedded systems.
The architecture is mainly made up of internal modules, each of which consists of a string of unique numeric codes. The set of internal modules results from an analysis of a number of routine applications, (both business and scientific), and reflects the fact that most applications use a set of simple repeated code sequences. In this new approach the sequences are replaced by a numeric string which never changes, adding a further frustration to would be criminal hackers.
Each numeric code within the strings of numbers for an internal module uniquely identifies uniquely the VMP module to be used and also the parameters to be used. Note that no variable names are used in this process, variables having been given a unique relative number in the translation phase of converting the application to a compact string of bytes, one reason why this approach is ethnic language independent, and can be customised to the jargon of any discipline.
With this brief introduction, and a reading of the paper in genetix.ca it is appropriate to consider the effect the approach has, not only on security, itself, but also on other aspects of IT which have a security bearing.
The first obvious fact is that the VMP is very small and should be able to be proven error free. It can also be associated with one or more check sums, ensuring that at all times there has been no intrusion. The application byte code stream developed outside the VMP can also incorporate check sums, to ensure that even the byte code stream is unpolluted. There is no mechanism to change the numeric codes of the language and nothing that changes the internal elements. Each of the elements, (most are unique and independent of other elements), can also be associated with a check sum. As a further safeguard any data stored can be encrypted by adding one or more encryption modules to the VMP. An alternate would be to use the VMP chip to linked encryption chips and/or chips that store biometric data.
In the early research a module was created for the VMP to handle JPEG and MPEG but it makes more sense to have the VMP access a chip which carries out the actions needed. The early research also served to suggest that the VMP could itself control a chip or switch which routed high speed (multi gigabit) data around a network.
It would also make sense to place the very small VMP on its own chip with linkages to other chips for games, telecommunications (at various bandwidths), video images and films, and sophisticated graphics. This will be achieved by developing the VMP chip as its own operating system. Because of the very compact application byte streams scores can be placed on a smart card microcontrollers, with hundreds capable of storage on the larger chips. Applications can be prioritised in several layers, and the VMP will also allow for simultaneous running of applications such as is current in existing operations.
The development of applications with this approach is a simple affair and has been tested with students in Canada, and with business people in both Canada and the United States. Apart from that aspect there is little need for any conventional assembly language operations (except to develop VMPs for various chips) and no need whatsoever for application developers in other languages such as Java or Cobol or Fortran. These will continue to exist a few more years for legacy applications integrated with the new approach.
Apart from the huge cost of the current lack of IT security (viruses, worms, spam, sizure of email addresses etc.) the suggested approach leads to significant savings in application development, and will lead to huge savings in the elimination of current operating systems, associated as they are with obscene wastage of hard drive, CD and other resources.
How should the IT industry move towards such an approach?
It has already been proven on a pilot basis with smart card microcontrollers such as Atmel's AVR RISC chip and Sieman's-32 bit Infineon chip. One strategy is to develop these chips for smart card and embedded operations with the approach outlined above and eliminate some of the primitive operating systems currently in use, such as used by Visa, Gemplus, Barclays and others. At the same time the new approach could be incorporated (first of all experimentally) in smart telephones both with and without video capability.
It has also been shown to work with Intel processors, which have a much smaller market (volume wise) than that for embedded and smart card chips. This is a more complex world and would be more difficult to penetrate initially. Success in the microcontroller world, however, would lead companies to experiment. One of the first experiments could be that of a dedicated email service that eliminates spam and, in the process, saves the IT industry several billion dollars per year, ample enough to warrant a major experiment in the arena. Once such a development took place then other applications would fall like nine pins, perhaps in the order of data base search, data base creation, maintenance and retrieval, on line banking free of intrusion and so on.
No doubt many readers will consider this 'dreaming', but no more so than occurred with early developments by Microsoft and Sun. Moreover one entry on Internet suggests the approach described is ideal for nanotechnology, which operating systems such as Windows and Solaris cannot touch.
I would like to extend these ideas further, establishing a de facto standard as usually occurs with fresh ideas, and would value extensive feedback to email@example.com. I am also willing to make presentations on this approach (in such cases I would ask for travel, meals and accommodation expenses), and answer a variety of questions, to be placed at some future date in an FAQ section of my web site as it develops. I look forward to hearing from readers.