Principles of Reactive Worm Defense
About the talk:
Worms, self-propagating malicious code, have spread worldwide in less than 10 minutes and could potentially be even faster, with plausible global reach in under 2 seconds. Due to their extreme speed, any reactive defense needs to be purely automatic.
But what principles might underlie such defenses? We begin with a notion from the military community, the OODA loop, as a method of describing how adversaries work. We simplify this formulation to describe automatic OODA loops, which naturally encompass Detection, Analysis, Response, and Collaboration.
The time scales involved in communication are often the limiting factor, so we explore time scales for worm propagation and different collaboration strategies. We also explore two basic response strategies, containment and blocking, and how they interact with collaboration.
Finally, we put everything together to try to describe concepts for defending a monoculture P2P network, arguably the most vulnerable ecology, from a fast-spreading worm.
About the speaker:
Nicholas Weaver is a researcher at ICSI in Berkeley.