BioSec 2012: Consolidated Notes
Below is a summary of what was discussed in the 2012 run of Biological Approaches to Computer Security, organized by topic.
(Cheryl: I think a topical organization is easiest and clearest, but if you have other ideas feel free to go with them. I just made up some topics off the top of my head, please use ones that make sense based on the notes you find. Look at all of the pages linked to from the top-level biosec page: the notes for the first weeks, the misc notes pages, and the individual student pages. Please condense or drop stuff that is too detailed (particularly notes on evolution).)
Evolution
Biological Diversity
Software Diversity
Malicious code/organisms
Homeostasis/feedback
Cell Communication
Hormone: messenger molecule
- creates localized state change
- kind of an interface to the cell
- hormones mediate reactions
Crosstalk:
- different hormones interfere with each other
- a given receptor can be activated by different molecules
- a molecule can activate different receptors
- the network begins as a fully connected graph, and then connections are pruned away
- crosstalk is why drugs have complicated and unpredictable side effects
We could consider the "drug discovery problem" to be equivalent to the "computer security problem".
- Engineering challenge
- every input is connected to every output
- through trial and error, select for the pathways that work
- moral of the story: there needs to be more coupling than we think in computer
- we need to allow for feedback loops, running parallel to the main operations
- Metabolic diseases are really receptor diseases
- the question is "what receptor does it target?"
- this is why viruses only affect certain tissues: the tissues where the receptors are located are affected
- some diseases (such as avian flu) can be caught by humans from animals, but not spread between humans
In this chapter the differences between cellular communication and the communication that takes place in computer programs was discussed. In cellular communication, the process seems to be top down: all links are established, then some are pared away. In computer programs, the process is bottom up: links are established on an as-needed basis. My first thought is that having more links could be a security problem - if you want information to stay where it's put, not having many links seems to make sense. However, having a system with more links could allow for more feedback and could potentially better support an evolutionary system.