Please use this identifier to cite or link to this item: http://hdl.handle.net/11023/2715
Title: Building Babel - Towards a Security System through Co-dependency and Diversity
Author: de Castro, Daniel Medeiros Nunes
Advisor: Aycock, John Daniel
Keywords: Computer Science
Issue Date: 24-Dec-2015
Abstract: A common misconception in computer security is that a computer is able to evaluate whether or not it is compromised. However, if we consider a compromised system, the evaluation is not reliable, thus meaningless. By reducing the set of trusted software components to a minimum size, allowing feasible verification of security, and by having the evaluation of any other software happening physically apart from the computer in question, we could avoid contamination of the evaluation process. This research project called “Babel” consists of an innovative approach for computer security. We envision a system where, from the user’s viewpoint, everything seems exactly the same, but the computer is unable, by itself, to execute any installed software. Babel requires a third party to incrementally translate all or part of a program, thus allowing the program to be executed. We call this requirement for an external party “secure co-dependency”. Babel assumes that the computer and each program running on this computer speak a different language. We imagine these different languages as instructions for different processors, which can be implemented as virtual machines (VMs). The computer needs to communicate to an external interpreter to execute any program. This interpreter not only translates code instructions but it also performs security checks. Inspired by the idea of software diversity, we use different languages among processes to enforce co-dependency. Additionally, software diversity makes it harder for adversaries (malicious software or external attackers) to infect or disrupt program execution. Babel consists of two main, separate systems: a client with the operating system where users run their programs; and a server, responsible for translation and for security checks. Babel components consist basically of a flexible VM (where we can define different instruction sets and registers for each instance) and a communication module. On the server side, the main components of Babel are a translator (or interpreter), which initially provides a VM specification and later on translates the programs to that VM, and a security checker responsible for detecting malicious activity. This dissertation documents our experiences and successes developing a proof-of-concept of Babel.
URI: http://hdl.handle.net/11023/2715
Appears in Collections:Electronic Theses

Files in This Item:
File Description SizeFormat 
ucalgary_2015_deCastro_Daniel.pdfDissertation main document2.07 MBAdobe PDFView/Open


Items in The Vault are protected by copyright, with all rights reserved, unless otherwise indicated.