Carnegie Mellon Press Release: November 20, 2003

Press Release

Contact:
Chriss Swaney
412-268-5776

For immediate release:
November 20, 2003

Carnegie Mellon's Integrated Product Development Course Receives Innovative Curriculum Award

PITTSBURGH—Carnegie Mellon University professors Mike Reiter and Dawn Song are studying "cyberdiversity" in a collaborative effort with the University of New Mexico. Their research is designed to ward off attacks by worms, viruses and other cyberintruders.

Reiter and Song seek to reduce computer vulnerability by automatically changing aspects of a computer's software to render its software configuration different from other computers. Their goal is to ensure that an attack against one computer can't be automatically replicated against a large number of computers, thereby considerably slowing large-scale attacks.

"We are looking at computers the way a physician would look at genetically related patients, each susceptible to the same disorder," said Reiter, a professor of electrical and computer engineering and computer science at Carnegie Mellon and associate director of CyLab, a Carnegie Mellon initiative focused on advancing cybersecurity technology and education.

"In a population, one member may fall victim to a pathogen or disorder, while another might not have the same vulnerability," Reiter said.

"Adapting this idea in biology to computers may not make an individual computer more resilient to attack, but it aims to make the whole population of computers more resilient in aggregate," said Song, an assistant professor of electrical and computer engineering and computer science at Carnegie Mellon.

"We are trying to develop approaches to automatically diversify computers so that attackers will have less information about each individual computer and will have to attack each computer differently," she said.

The Internet worm Code Red, for example, infected more than 300,000 systems in less than 13 hours by attacking one major vulnerability. In the case of Code Red, that vulnerability allowed more data to be written into a region of memory than the region could hold.

Earlier approaches toward software diversity attempted to develop the same software using independent development teams, so that the independent versions would guard against different sets of vulnerabilities. But that approach was both costly and time-consuming, researchers said.

The three-year, $750,000 research project is being funded by the National Science Foundation, an independent federal agency that supports fundamental research and education across all fields of science and engineering.

###
