Instead of putting a single canary in a coal mine, why not have several, each one capable of responding to a different poisonous gas, thanks to a switch in its genetic code? That’s the basic idea behind Double Helix, a cybersecurity system that Computer Science Professor Jack Davidson and his colleagues at the University of Virginia and the University of New Mexico are developing with a $5.9 million grant for the Defense Advanced Research Projects Agency (DARPA).
“Virtually everything the military does these days is controlled by computers, from shipboard navigation to air traffic control,” Davidson said. “Enemies know that if they can knock a mission critical system out, they can severely degrade our capabilities.”
Double Helix is based on concept called structured diversity. Double Helix creates a number of functionally equivalent versions of a mission-critical system, but adjusts the binary code of some of these clones—the equivalent to changing their four-letter DNA code—so that properties needed for successful attacks are missing. When a particular type of cyberattack occurs, one of the clones will behave differently from the other clones. At this point, Double Helix will take action to recover from the attack by modifying the affected clones.
In phase one of the project, Davidson and his colleagues—including Professor Emeritus John Knight, Associate Professor Wes Weimer and scientists Jason Hiser, Anh Nguyen-Tuong, and Michele Co—used catalogues that classify attacks by their vulnerable property as a guide and modified clones to eliminate these targets.
DARPA recently gave Davidson’s team approval to proceed to phase two, where the group will concentrate on attack recovery.
“This is going to be quite demanding,” Davidson said. “We must be able to analyze the state of the clones, determine the nature of the attack, and take remedial action, all in milliseconds.”
The team is planning to use a combination of techniques to achieve this goal, rolling the replicas back to a known good state before the attack while creating a clone that is immune to the attack.
Manipulating the system at its most basic level – the ones and zeros that make up its binary code — has a number of advantages. It enables Double Helix to make changes regardless of the higher-level computer language that defense department programmers used to create a system. Equally important, it makes it possible for Davidson’s team to test the protective changes they have made by evaluating them against a model they are building of the complex instruction set found in the underlying Intel processor. Their goal is to ensure that the transformations they make to protect the system do not functionally alter the system—and that these changes will effectively thwart an attack.
Developing this model is perhaps its most daunting challenge in the entire project.
“The Intel processors in use today are notorious for their hugely complex instruction set,” he said. “Our goal is to abstract this complex information into a series of formal statements so that we can reason about the code.”
Work on this task began in phase one and will be the focus of the third and final phase of the project, expected to be completed in 2018.