Inherent Security Vulnerabilities of Computing Systems and Potential Solutions
- Category: Security
- Published on Sunday, 17 February 2013 18:22
- Hits: 1456
When talking about protection systems in general, it is important to stress that there exist inherent vulnerabilities in today’s computing systems, inherited from the first days of computing.
Von Neumann’s Architecture
One of the main characteristics of von Neumann’s architecture, which is preserved in all variations of today’s computing systems, is its universality. Universality means that computing systems are not task oriented but are programmed to perform various tasks depending on the implemented program. While universality is very convenient from a user’s point of view, it is inconvenient when regarding security requirements.
Problems include issues in defining “abnormal” behavior in computing systems. It is important to stress that anything that can be programmed may be programmed to perform malicious activities in the system and that it is very difficult to discern such an attempt from the “normal” system activities before some damage is done.
Binary Logic
Binary logic is a basic of today’s computing; for instance, everything is performed through the sequences of zeros and ones. While binary logic makes computing easy, it is an obstacle when it comes to security requirements for exact pattern recognition. Because of the inherent binary logic of today's systems, recognition can be brought down to distinguish "1" from "0", when it is supposed to be "1" and vice versa. Although there are the methods to circumvent this inconvenient bound (e.g. redundancy of recognition elements), it still remains a problem, which can be solved in a satisfactory way by changing the binary logic to multivalued logic.
Internetworking
Internetworking is a very important part of today’s communication because the Internet connects many networks all around the world. The communication across any set of interconnected networks is based mostly on Internet Protocol Suite. There are a number of serious security flaws inherent in the protocols. However, there are methods and protection tools to overcome those security flaws.
Such methods and tools will necessarily degrade the Internet performance because they must in some way control the traffic. This control often means limiting the free flow of information across the Internet, whether it involves completely suppressing some services or slowing down the transfer of information.
Fuzzy Logic – possible solution?
It was stated above that binary logic is an obstacle for present security tools. While it makes computing easy, it can be a drawback considering security requirements. For that reason, other types of logic, such as fuzzy logic, may be taken into consideration.
Fuzzy logic is a class of multivalent, generally continuous-valued logic based on the theory of fuzzy sets. Fuzzy logic is concerned with the set of theoretic operations allowed on fuzzy sets, how these operations are performed and interpreted, and the nature of fundamental fuzziness. [1]
Fuzzy logic is a calculus of compatibility. Unlike probability, which is based on frequency distribution in a random population, fuzzy logic deals with describing the characteristics of properties. Fuzzy logic describes properties that have continuously varying values by associating partitions of these values with a semantic label. Much of the descriptive power of fuzzy logic comes from the fact that these semantic partitions can overlap. This overlap corresponds to the transition from one state to the next. These transitions arise from the naturally occurring ambiguity associated with the intermediate states of semantic labels.
Fuzziness is a measure of how well an instance (value) conforms to a semantic ideal or concept. Fuzziness describes the degree of membership in a fuzzy set. This degree of membership can be viewed as the level of compatibility between an instance from the set's domain and the concept overlying the set. Measurements that fall at the extreme edges of a fuzzy region have minimal ambiguity or fuzziness since they are highly compatible with the set's concept. In between, these properties have varying degrees of ambiguity and can belong to different fuzzy sets simultaneously.
To be continued...
This article is intended to offer only an introduction in implementation of fuzzy logic in security solutions and to start discussion about its usability in such solutions. Further definitions of fuzzy logic and descriptions of fuzzy expert systems and their possible use in security systems will follow in the next issues of SysAffairs.
References:
[1] E. Cox The Fuzzy Systems Handbook, Academic Press, Inc., 1994.
[2] S. Stojakovic-Celustka, Building Secure Information Systems, PhD thesis, CVUT, Prague,
2000.
Suzana Stojaković – Čelustka, PhD is an expert in the field of information security. Some of her related duties were CEO of CARNet CERT (Croatian Academic and Research Network Computer Emergency Response Team) in 1997; CEO of CARNet Department for security of computer networks in 1998; assistant for information security related jobs in the Office for internetization of the Croatian Government from 2002 to 2004; senior advisor for information security in the Central State Office for e-Croatia, including development of the National program of information security in the Republic of Croatia from 2004 to 2006; and CISO (Chief Information Security Officer) in the Croatian Bank for Reconstruction and Development (current position).
She is also a lecturer on information security topics at various occasions and an editor at the Croatian Information Security Portal (http://www.sigurnost.info). She received her BSEE and M.Sc. at the Faculty of Electrotechnical Engineering, University of Zagreb, Croatia, and her Ph.D at the Faculty of Electrical Engineering, Czech Technical University of Prague, Czech Republic. Her Ph.D thesis, Building Secure Information Systems, can be found at http://www.oocities.com/suzana_sc2001/index.htm. Her other interests include research in computer architecture, distributed systems (networking), algorithmics, artificial intelligence, and artificial life.
She is an active member of IFIP W.G. 9.6/11.7 (Working Group 9.6/11.7 - Information Technology Mis-Use and the Law, IFIP Technical Committee 9 - Relationship between Computers and Society) and IFIP W.G. 16.5 (Working Group 16.5 – Social and Ethical Issues in Entertainment Computing – IFIP Specialist Group on Entertainment Computing).