[ISN] Nematodes: The Making of 'Beneficial' Network Worms

From: InfoSec News (isn@private)
Date: Wed Oct 05 2005 - 21:07:53 PDT


http://www.eweek.com/article2/0,1895,1867317,00.asp

By Ryan Naraine 
October 5, 2005 

Convinced that businesses will use nonmalicious worms to cut down on 
network security costs, a high-profile security researcher is pushing 
ahead with a new framework for creating a "controlled worm" that can 
be used for beneficial purposes.

Dave Aitel, vulnerability researcher at New York-based Immunity Inc.,
unveiled a research-level demo [1] of the "Nematode" framework at the
Hack In The Box confab in Kuala Lumpur, Malaysia, insisting that good
worms will become an important part of an organization's security
strategy.

"We're trying to change the way people think," Aitel said in an 
interview with Ziff Davis Internet News. "We don't want people to 
think this is impossible. It's entirely possible to create and use 
beneficial worms and it's something businesses will be deploying in 
the future."

For years, security experts have debated the concept of using good
worms to seek and destroy malicious worms. Some believe that it's time
to use the worms' tactics against them [2] and build good worms that
fix problems, but the chaos and confusion associated with
self-propelled replicating programs have left others unconvinced.

Aitel is among those who believe it is "inevitable" that worm 
technology can significantly reduce the cost of disinfecting and 
maintaining a corporate network.

"We already have a proof-of-concept that can take a very simple 
exploit, go through a few steps and, in a matter of minutes, create a 
working nematode," Aitel said.

He took the name for the concept from the pointy-ended worm used to 
control pests in crops. "We can generate a nematode any way we want. 
You can make one that strictly controls, programmatically, what the 
worm does," Aitel explains.

Aitel, who did a six-year stint as a computer scientist at the NSA 
(National Security Agency) before moving on to work as a code-breaker 
for research outfit @Stake Inc., is adamant that nematodes can provide 
the answer for lowering security costs.

He sees a world where "strictly controlled" nematodes are used by 
ISPs, government organizations and large companies to show significant 
cost savings.

During his Hack In The Box presentation, Aitel outlined the reasons 
for creating nematodes and displayed strict protocols that can be used 
to control the beneficial worms.

He said nematodes can be automatically created from available 
vulnerability information and even showed off a new programming 
language to create the worms.

Aitel acknowledged potential problems with the concept, noting that 
worms are very hard to write and use large amounts of network 
bandwidth. Because worms are harder to target and control, he noted 
that IT administrators live in constant fear.

The concept includes the use of "Nematokens," servers that are 
programmed to only respond to requests from networks cleared for 
attacks and the NIL (Nematode Intermediate Language) that can be used 
as a specialized and simplified "assembly for worms."

The NIL can be used to convert exploits into nematodes quickly and 
easily. In some cases, Aitel believes that exploits can be written to 
NIL directly to simplify the process even more.

"This will be part of your security team's toolkit," Aitel argues, 
noting that his company's work is "research-level proof of concept" 
that details the theory and theology of using beneficial worms.

"If you look at the security cost of maintaining a large network, most 
CIOs agree it's way above what they want to pay. With this [nematode] 
concept, you can take advantage of automating technologies to get 
protection for pennies on the dollar. That's the drive behind 
developing a lot of these new forward-looking technologies," Aitel 
said.

"Nematodes are a step beyond the next step. We're two stages away from 
using this," he added. "The goal has always been to build the network 
that protects itself automatically with automated technologies. We're 
certainly not more than five years away from this sort of technology 
becoming something that you can buy."

"We already have an engine that takes exploits and turns them into 
worms and does it in a way that allows you to inject control 
mechanisms into that. That's something that will appeal to businesses."

[1] http://www.immunityinc.com/downloads/nematodes.pdf
[2] http://www.eweek.com/article2/0,1895,1037004,00.asp


