Babel: a secure computer is a polyglot
Authors: 
John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris JarabekAuthors Info & Claims
John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris JarabekAuthors Info & ClaimsOctober 2012
Pages 43 - 54
Abstract
Why should a user's computer be trusted at all? We propose a new model of the computer, Babel, that makes a user's computer appear as it normally would, but is actually untrusted to the point where it cannot run the code installed on it. Each computer, each process, speaks a different language, and a translator on the network, in the cloud, is needed to allow a user's computer to execute code. This has enormous implications. The user gets continuous protection, and multiple kinds of protection, with no need for security updates or patches. At the same time, the user effectively has an adjustable control that they can set based on their risk assessment and need for privacy. Babel can work perfectly well alongside existing systems, and opens new markets for security.
References
[1]
J. P. Anderson. Computer security technology planning study: Volume II, Oct. 1972. ESD-TR-73-51, Vol. II.
[2]
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. A view of cloud computing. Commun. ACM, 53(4):50--58, Apr. 2010.
[3]
A. Avižienis. The N-version approach to fault-tolerant software. IEEE Transactions on Software Engineering, SE-11(12):1491--1501, 1985.
[4]
J. Aycock. A brief history of just-in-time. ACM Computing Surveys, 35(2):97--113, June 2003.
[5]
J. Aycock. Computer Viruses and Malware, volume 22. Springer, 2006.
[6]
J. Aycock. Spyware and Adware, volume 50. Springer, 2010.
[7]
M. Baentsch, L. Baum, G. Molter, S. Rothkugel, and P. Sturm. World Wide Web caching: The application-level view of the Internet. IEEE Communications Magazine, 35(6):170--178, 1997.
[8]
V. Bala, E. Duesterwald, and S. Banerjia. Dynamo: A transparent dynamic optimization system. In ACM Conference on Programming Language Design and Implementation, pages 1--12, 2000.
[9]
E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović. Randomized instruction set emulation. ACM Transactions on Information and System Security, 8(1):3--40, Feb. 2005.
[10]
E. G. Barrantes, D. H. Ackley, T. S. Palmer, D. Stefanović, and D. D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In 10th ACM Conference on Computer and Communications Security, CCS '03, pages 281--289, 2003.
[11]
Á. Beszédes, R. Ferenc, T. Gyimóthy, A. Dolenc, and K. Karsisto. Survey of code-size reduction methods. ACM Computing Surveys, 35(3):223--267, Sept. 2003.
[12]
S. W. Boyd, G. S. Kc, M. E. Locasto, A. D. Keromytis, and V. Prevelakis. On the general applicability of instruction-set randomization. IEEE Transactions on Dependable and Secure Computing, 7(3):255--270, 2010.
[13]
M. Chiriac. Tales from cloud nine. In Virus Bulletin Conference, pages 1--6, 2009.
[14]
B.-G. Chun, S. Ihm, P. Maniatis, M. Naik, and A. Patti. CloneCloud: elastic execution between mobile device and cloud. In EuroSys '11, pages 301--314, 2011.
[15]
C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfuscating transformations. Technical Report 148, University of Auckland, Department of Computer Science, 1997.
[16]
F. J. Corbató and V. A. Vyssotsky. Introduction and overview of the Multics system. In AFIPS Fall Joint Computer Conference, pages 185--196, 1965.
[17]
E. E. David, Jr. and R. M. Fano. Some thoughts about the social implications of accessible computing. In AFIPS Fall Joint Computer Conference, pages 243--247, 1965.
[18]
R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In 13th USENIX Security Symposium, 2004.
[19]
S. Dorward, R. Pike, D. L. Presotto, D. Ritchie, H. Trickey, and P. Winterbottom. Inferno. In 42nd IEEE International Computer Conference, COMPCON '97, pages 241--244, 1997.
[20]
P. Eckersley. How unique is your web browser? In 10th Privacy Enhancing Technologies Symposium, pages 1--18, 2010.
[21]
D. R. Engler. The exokernel operating system architecture. PhD thesis, Massachusetts Institute of Technology, 1998.
[22]
W. S. Evans and C. W. Fraser. Bytecode compression via profiled grammar rewriting. In ACM Conference on Programming Language Design and Implementation, pages 148--155, 2001.
[23]
M. Franz and T. Kistler. Slim binaries. Commun. ACM, 40(12):87--94, 1997.
[24]
C. G. Girling. Covert channels in LAN's. IEEE Transactions on Software Engineering, SE-13(2):292--296, 1987.
[25]
C. Gkantsidis, T. Karagiannis, P. Rodriguez, and M. Vojnovic. Planet scale software updates. In ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 423--434, 2006.
[26]
M. Golm, M. Felser, C. Wawersich, and J. Kleinöder. The JX operating system. In USENIX Annual Technical Conference, pages 45--58, 2002.
[27]
D. Golub, R. Dean, A. Forin, and R. Rashid. Unix as an application program. In Summer 1990 USENIX Conference, pages 87--95, 1990.
[28]
Google. Google data centers. http://www.google.com/about/datacenters, Last accessed 25 March 2012.
[29]
J. Gosling, D. S. H. Rosenthal, and M. J. Arden. The NeWS Book: An Introduction to the Network/extensible Window System. Springer, 1989.
[30]
Q. Guo and E. Agichtein. Ready to buy or just browsing? Detecting web searcher goals from interaction data. In 33rd International ACM SIGIR Conference on Research and Development in Information Retrieval, pages 130--137, 2010.
[31]
S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3):151--180, 1998.
[32]
G. C. Hunt, J. R. Larus, D. Tarditi, and T. Wobber. Broad new OS research: challenges and opportunities. In 10th conference on Hot Topics in Operating Systems, 2005.
[33]
M. Jakobsson and A. Juels. Server-side detection of malware infection. In 2009 New Security Paradigms Workshop, pages 11--22, 2009.
[34]
G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In 10th ACM Conference on Computer and Communications Security, pages 272--280, 2003.
[35]
V. Kiriansky, D. Bruening, and S. P. Amarasinghe. Secure execution via program shepherding. In 11th USENIX Security Symposium, pages 191--206, 2002.
[36]
G. Klein, J. Andronick, K. Elphinstone, G. Heiser, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: formal verification of an operating-system kernel. Commun. ACM, 53(6):107--115, June 2010.
[37]
B. W. Lampson. A note on the confinement problem. Commun. ACM, 16(10):613--615, 1973.
[38]
J. Lee and A. Smith. Branch prediction strategies and branch target buffer design. IEEE Computer, 17(1):6--22, Jan. 1984.
[39]
T. Li, L. K. John, A. Sivasubramaniam, N. Vijaykrishnan, and J. Rubio. OS-aware branch prediction: Improving microprocessor control flow prediction for operating systems. IEEE Transactions on Computers, 56(1):2--17, 2007.
[40]
L. Martignoni, R. Paleari, and D. Bruschi. A framework for behavior-based malware analysis in the cloud. In Information Systems Security, volume 5905 of Lecture Notes in Computer Science, pages 178--192, 2009.
[41]
S. S. Muchnick. Advanced Compiler Design and Implementation. Morgan Kaufmann, 1997.
[42]
C. Nachenberg, Z. Ramzan, and V. Seshadri. Reputation: A new chapter in malware protection. In 19th Virus Bulletin International Conference, pages 185--191, 2009.
[43]
J. Oberheide, E. Cooke, and F. Jahanian. Rethinking antivirus: executable analysis in the network cloud. In Proceedings of the 2nd USENIX workshop on Hot topics in security, pages 5:1--5:5, 2007.
[44]
J. Oberheide, E. Cooke, and F. Jahanian. CloudAV: N-version antivirus in the network cloud. In 17th USENIX Security Symposium, pages 91--106, 2008.
[45]
N. Paterson. Walled gardens: the new shape of the public Internet. In iConference 2012, pages 97--104, 2012.
[46]
D. Pavlovic. Gaming security by obscurity. In 2011 New Security Paradigms Workshop, pages 125--139, 2011.
[47]
R. Pike and D. M. Ritchie. The styx architecture for distributed systems. Bell Labs Technical Journal, 4(2), 1999.
[48]
G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: versatile protection for smartphones. In 26th Annual Computer Security Applications Conference, ACSAC '10, pages 347--356, 2010.
[49]
T. H. Romer, D. Lee, G. M. Voelker, A. Wolman, W. A. Wong, J.-L. Baer, B. N. Bershad, and H. M. Levy. The structure and performance of interpreters. In 7th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 150--159, 1996.
[50]
M. Rozier, V. Abrossimov, F. Armand, I. Boule, M. Gien, M. Guillemont, F. Herrmann, C. Kaiser, S. Langlois, P. Léonard, and W. Neuhauser. Chorus distributed operating systems. Computing Systems, 1(4):305--370, 1988.
[51]
B. Salamat, T. Jackson, G. Wagner, C. Wimmer, and M. Franz. Runtime defense against code injection attacks using replicated execution. IEEE Transactions on Dependable and Secure Computing, 8(4):588--601, 2011.
[52]
P. Szor. The Art of Computer Virus Research and Defense. Addison Wesley, 2005.
[53]
A. S. Tanenbaum. Operating systems: design and implementation. Prentice Hall, 1987.
[54]
The Chromium Project. Chromium OS. http://www.chromium.org/chromium-os, Last accessed 3 April 2012.
[55]
H. Thimbleby. Can viruses ever be useful? Computers & Security, 10(2):111--114, 1991.
[56]
F. Tip. A survey of program slicing techniques. Journal of Programming Languages, 3(3), 1995.
[57]
Vita Nuova. Dis virtual machine specification, 9 January 2003, last accessed 5 April 2012.
[58]
M. Weiser. Program slicing. In 5th International Conference on Software Engineering, pages 439--449, 1981.
[59]
P. Winterbottom and R. Pike. The design of the Inferno virtual machine, Last accessed 5 April 2012.
[60]
T.-F. Yen, Y. Xie, R. P. Yu, and M. Abadi. Host fingerprinting and tracking on the web: Privacy and security implications. In 19th Annual Network & Distributed System Security Symposium, 2012.
[61]
S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Secure program partitioning. ACM Transactions on Computer Systems, 20(3):283--328, Aug. 2002.
Index Terms
- Babel: a secure computer is a polyglot
Recommendations
NSPHD: the polyglot computer
NSPW '13: Proceedings of the 2013 New Security Paradigms WorkshopPerforming security verification on a compromised system can give a false sense of security. If compromised, a computer system would likely return false information, which could "deceive" any verification process. Our motivation for this work is ...
Babel, an application of extensible compilers
Proceedings of the international symposium on Extensible languagesThe normal approach in providing an extensible programming language seems to be to design and implement a base language which has facilities enabling the programmer to define and use extensions. This paper discusses a solution using an alternative ...
Babel and SOAP applications of extensible compilers
This paper describes a method of writing compilers which can easily be extended or altered. Two applications of the method are described; the first is a conventional programming language called Babel and the second is a program called SOAP which ...
Comments
Information & Contributors
Information
Published In
October 2012
134 pages
ISBN:9781450316651
DOI:10.1145/2381913
- General Chair:
- Ting Yu,
- Program Chairs:
- Srdjan Capkun,
- Seny Kamara
Copyright © 2012 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 19 October 2012
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CCS'12
Sponsor:
CCS'12: the ACM Conference on Computer and Communications Security
October 19, 2012
North Carolina, Raleigh, USA
Acceptance Rates
Overall Acceptance Rate 37 of 108 submissions, 34%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 257Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in