Self-Organization and Computer Security - ACM Digital Library

POSTER

2005 ACM Symposium on Applied Computing


Self-Organization and Computer Security
A Case Study in Adaptive Coordination
Ronaldo Menezes
CCI, Computer Sciences, Florida Tech
Melbourne, Florida, USA
[email protected]

ABSTRACT
One frequently hears stories about security breaches. Despite all the money that has been fed into research in computer security, it looks like researchers are losing the battle against attackers. This paper argues that one basic problem in security systems is their staticness, and suggests they should be dynamic in nature. This paper describes two cases where adaptiveness based on self-organization may lead to dynamic solutions to malicious code protection and security policy distribution.

Categories and Subject Descriptors
K.6.5 [Security and Protection]: Invasive software; I.2.11 [Distributed Artificial Intelligence]: Multiagent systems

Keywords
Self-Organization, Security, Coordination

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SAC'05, March 13-17, 2005, Santa Fe, New Mexico, USA. Copyright 2005 ACM 1-58113-964-0/05/0003 ...$5.00.

1. INTRODUCTION
As technology moves forward, the complexity of problems in need of solutions increases as fast as the computer power available to solve them. Security problems are no different, except that despite the resources available to experts, they do not seem to be winning the battle against attackers. This paper proposes the introduction of self-organization concepts in the propagation of security policies on large-scale networks as a natural way of removing the staticness of security systems. It also discusses how self-organization may be useful in improving the status quo in malicious code protection.

2. SECURITY POLICIES DISTRIBUTION
Policies are one aspect of information which influences the behavior of objects within the system [5]. Human managers are adept at interpreting both formal and informal policy specifications and, if necessary, resolving conflicts when making decisions. However, the size and complexity of large distributed systems have resulted in a trend towards automating many aspects of management into distributed components. If policies are coded into these components they become inflexible and their behavior can only be altered by recoding [5].

The problem above can be avoided if updates and distribution of the policies can be automated by means of mobile agents that carry new policy versions and remove old ones. Hence, the use of new schemas in policy distribution seems inevitable.

Let us assume that a security policy ζ is currently stored at all nodes of a network. Due to newly discovered security issues, the security policies need to be updated to ζn. The task of distributing ζn to all nodes faces at least the following problems:

Cost: In WANs, it is important to find the shortest path between the nodes to minimize the cost of policy distribution. In general, the solution here is similar to the traveling salesman problem (TSP). Thus, the use of heuristics based on self-organization is more sound.

Relinquish of Old Versions: Policies are generally passive objects and are sent as such to the nodes on the network. The use of active policies that are able to self-install in an application node may be desirable.

Disconnection: Disconnections may cause some nodes in the network to be unable to receive policy updates. A distribution mechanism needs to be reactive.

Adaptiveness: Policy distribution mechanisms need to handle networks with dynamic topology such as Mobile Ad-hoc Networks (MANETs).

Self-organization, in particular swarm intelligence [2], may be used as the basis for an adaptive, distributed, and reactive policy distribution system.
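The reactive behaviour called for above, as an added example that is not from the paper: a Python simulation in which an active policy copies itself to online neighbours and a node that was disconnected during the update catches up on its return. The integer version numbers, the `Network` class and its method names, and the rule of replicating only to neighbours holding an older version are assumptions made for illustration.

```python
from collections import deque

class Network:
    """Constructed model: undirected links, one integer policy version per node."""
    def __init__(self, links):
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.version = dict.fromkeys(self.adj, 0)    # all nodes start on the old policy
        self.online = dict.fromkeys(self.adj, True)

    def _spread(self, start):
        """Copy start's policy hop by hop to online neighbours holding an older
        version (assumed rule), overwriting the old copy. Returns copies sent."""
        sent, queue = 0, deque([start])
        while queue:
            n = queue.popleft()
            for m in sorted(self.adj[n]):
                if self.online[m] and self.version[m] < self.version[n]:
                    self.version[m] = self.version[n]
                    sent += 1
                    queue.append(m)
        return sent

    def publish(self, node, new_version):
        """Install a new policy version at one node and let it spread."""
        self.version[node] = new_version
        return self._spread(node)

    def reconnect(self, node):
        """Reactive step: a returning node adopts the newest version an online
        neighbour holds, then spreads it to the nodes it had cut off."""
        self.online[node] = True
        newest = max(self.version[m] for m in self.adj[node] | {node} if self.online[m])
        sent = int(newest > self.version[node])
        self.version[node] = newest
        return sent + self._spread(node)

    def stale(self):
        newest = max(self.version.values())
        return sorted(n for n, v in self.version.items() if v < newest)

def demo():
    # Constructed topology: triangle a-b-c, with c the only path to d and e.
    net = Network([("a", "b"), ("a", "c"), ("b", "c"), ("c", "d"), ("d", "e")])
    net.online["c"] = False                      # c is disconnected during the update
    first, missed = net.publish("a", 1), net.stale()
    return first, missed, net.reconnect("c"), net.stale()
```

`demo()` returns the copies sent by the first push, the nodes left on the old policy while `c` is away, the copies sent when `c` returns, and the stale set afterwards; the partition behind `c` stays on the old policy until the reconnect step runs.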

2.1 Self-Organized Direction

If one looks at self-organized metaphors, there are at least three ways the distribution problem above can be made dynamic: using molding [3], using foraging [3], and using flocking [1]. However, a reasonable approach would be to combine the good characteristics of each of these approaches into a more elaborate distribution system. To better understand a molding approach, assume a network in which all the nodes currently have a copy of the security policy ζ. The distribution algorithm works by making the security policies active and attracted by different versions of policies. When a policy ζk is created, it looks at the neighbors and replicates itself to the neighbors that contain policies ζ