https://homeostasis.scs.carleton.ca/wiki/index.php?action=history&feed=atom&title=EvoSec_2025W_Lecture_1EvoSec 2025W Lecture 1 - Revision history2026-04-22T09:00:55ZRevision history for this page on the wikiMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=EvoSec_2025W_Lecture_1&diff=24950&oldid=prevSoma: Created page with "<pre> Lecture 1 --------- Welcome to Evolutionary Security! - lectures are recorded, but that is just for private use - you'll have access, but they won't be public * Grading, expectations * What this course is about * My history - 1984: first computers (Atari 400, Apple //c, Apple IIgs) - 1989: AI - Medicine + computers? - 1990-1994: MIT - started as biology major, ended up a math major - took premed classes + CS classes (CS theory) - computational..."2025-01-09T22:02:09Z<p>Created page with "<pre> Lecture 1 --------- Welcome to Evolutionary Security! - lectures are recorded, but that is just for private use - you'll have access, but they won't be public * Grading, expectations * What this course is about * My history - 1984: first computers (Atari 400, Apple //c, Apple IIgs) - 1989: AI - Medicine + computers? - 1990-1994: MIT - started as biology major, ended up a math major - took premed classes + CS classes (CS theory) - computational..."</p>
<p><b>New page</b></p><div><pre><br />
Lecture 1<br />
---------<br />
<br />
Welcome to Evolutionary Security!<br />
<br />
- lectures are recorded, but that is just for private use<br />
- you'll have access, but they won't be public<br />
<br />
<br />
* Grading, expectations<br />
* What this course is about<br />
<br />
* My history<br />
- 1984: first computers (Atari 400, Apple //c, Apple IIgs)<br />
- 1989: AI<br />
- Medicine + computers?<br />
<br />
- 1990-1994: MIT<br />
- started as biology major, ended up a math major<br />
- took premed classes + CS classes (CS theory)<br />
- computational biology?<br />
- artificial life<br />
- part of "complex adaptive systems"<br />
- University of New Mexico, Santa Fe Institue<br />
- theoretical immunology<br />
- computer immune system?<br />
- real-time intrusion detection & response system based<br />
on lightweight anomaly detection (pH)<br />
- joined Carleton in 2003<br />
<br />
Why don't other security researchers like the things I like?<br />
- my aesthetics for computer defenses seem VERY different, why?<br />
<br />
Early work was focused on bio-inspired methods<br />
- WAY too easy to do name magic with biological terms<br />
<br />
Metaphors let you map domain A onto domain B<br />
- but what you really want is some common theory T that applies to A and B<br />
<br />
So this course is about that theory, trying to explain and elaborate it<br />
- but I don't have a complete theory yet, I more have an outline<br />
<br />
I think Darwin messed up<br />
- current evolutionary theory isn't wrong, but it misses the big picture<br />
<br />
<br />
What's your job in this course?<br />
- provide feedback on what I say (question, argue against even)<br />
- develop your own ideas<br />
<br />
<br />
* Darwinian evolution<br />
* Artificial life<br />
* Limitations of current computer security theory & practice<br />
* game theory in the context of evolution<br />
* symbiogenesis<br />
* current security arms race<br />
- evidence for evolutionary dynamics<br />
* evolution in other domains<br />
- economics, social organization<br />
- practice of computer security<br />
<br />
<br />
<br />
Limitation of computer security practice currently<br />
<br />
State of the art defenses<br />
- anti-malware<br />
- firewalls<br />
- automated software patches<br />
- automated vulnerability discovery<br />
- multi-factor authentication<br />
- access controls<br />
- immutable systems<br />
- virtualization/confinement<br />
- biometrics<br />
<br />
If you implement all of the above, using "best practices", money is no object...is your system secure?<br />
<br />
Specifically, could an attacker develop an attack that a) bypasses all of these defenses and b) would not be detected later if the attacker is competent (unless someone smart noticed something)<br />
- YES<br />
<br />
<br />
This is not true for biology!<br />
- if things go wrong, your body notices and fights back<br />
- it doesn't always succeed, but it basically always tries<br />
<br />
HOW? WHY?<br />
- and why can't computers do this?!<br />
<br />
It isn't about mechanisms, it is about architecture<br />
<br />
biological systems are robust under evolutionary pressure<br />
- because they had to be<br />
- computer systems aren't<br />
- computer systems + people are<br />
<br />
<br />
<br />
Charles Darwin<br />
- wanted to explain the diversity of life<br />
- how organisms are similar yet different<br />
- maybe where they all came from<br />
- he knew about "artificial selection", animal husbandry<br />
- maybe selection also happens in nature, but "natural selection"<br />
- "survival of the fittest"<br />
- so you have<br />
- a population of diverse individuals<br />
- heritable characteristics (not dependent on life experience)<br />
- some sort of selective pressure<br />
- survival + reproductive pressure<br />
- over time, this will result in a population of "improved fitness"<br />
- conclusion: this is where species came from<br />
<br />
We've created artificial simulations of the above, and it doesn't produce anything like the diversity of life<br />
<br />
What's missing is cooperation<br />
</pre></div>Soma