Unpredictability as a cyber defense

Researchers are developing Chameleon, which is an operating system (OS) that is designed to run unknown programs that could be malware in a special "unpredictable" environment that intentionally introduces some unpredictability to the way the system operates.

By Gregory Hale, ISSSource March 1, 2016

Sometimes systems running with regularity are too easy for malware to jump in, so what happens when the system shows a sense of disarray?

That is exactly what Daniela Oliveira, a professor in the University of Florida Herbert Wertheim College of Engineering, is thinking of when she says unpredictability could help outsmart malware.

That’s the logic behind Chameleon, the operating system (OS) she’s developing with colleagues at UF, Stony Brook University and the University of California, Davis.

Chameleon, which is still at the conceptual phase, runs unknown programs that could be malware in a special "unpredictable" environment, where the OS intentionally introduces some unpredictability to the way they operate.

"Even though it seems crazy to impact functionality, it can be very effective at countering attacks if it only impacts software that could be malicious," Oliveira said. "The malicious process thinks it’s in control, but it’s not."

Programs you know and trust could run in a standard environment where they’ll function normally, while detected malware end up sequestered in a third environment, called deceptive. Instead of squashing them immediately, Chameleon would let the malicious processes continue to work in a façade environment while collecting information it could use to understand and defeat them.

Oliveira’s inspiration came in part from her interest in military strategy.

"I’ve read a lot about warfare. Sun Tzu, Julius Caesar—they were successful because of the element of surprise. Cyberwarfare is the same," she said.

Deception has seen use against cyber attacks before, mostly in "honeypot" strategies that lure attackers in to gather information. But those deceptions typically end up quickly revealed, Oliveira said, which limits their effectiveness. What sets Chameleon apart is inconsistent deception: Quarantined software—or malware that bypasses standard detection systems—runs in an unfavorable environment until proven either benign or malicious.

An operating system like Chameleon would be great for a corporate environment, where users know the mission-critical software in advance, Oliveira said. That’s good news not just for corporations, but also for those of us who entrust our sensitive data to them.

"Predictable computer systems make life too easy for attackers," she said.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, Control Engineeringcvavra@cfemedia.com.

ONLINE extra

See additional stories from ISSSource about cyber security below.

Original content can be found at www.isssource.com.