Babel: a secure computer is a polyglot

Why should a user's computer be trusted at all? We propose a new model of the computer, Babel, that makes a user's computer appear as it normally would, but is actually untrusted to the point where it cannot run the code installed on it. Each computer, each process, speaks a different language, and a translator on the network, in the cloud, is needed to allow a user's computer to execute code. This has enormous implications. The user gets continuous protection, and multiple kinds of protection, with no need for security updates or patches. At the same time, the user effectively has an adjustable control that they can set based on their risk assessment and need for privacy. Babel can work perfectly well alongside existing systems, and opens new markets for security.

[1]  Farnam Jahanian,et al.  Rethinking Antivirus: Executable Analysis in the Network Cloud , 2007, HotSec.

[2]  Eskild Petersen,et al.  Inferno , 2013, Travel Medicine and Infectious Disease.

[3]  C. Gray Girling,et al.  Covert Channels in LAN's , 1987, IEEE Transactions on Software Engineering.

[4]  Byung-Gon Chun,et al.  CloneCloud: elastic execution between mobile device and cloud , 2011, EuroSys '11.

[5]  Claude Kaiser,et al.  CHORUS Distributed Operating System , 1988, Comput. Syst..

[6]  Peter Szor,et al.  The Art of Computer Virus Research and Defense , 2005 .

[7]  Michael Golm,et al.  The JX Operating System , 2002, USENIX Annual Technical Conference, General Track.

[8]  Markus Jakobsson,et al.  Server-side detection of malware infection , 2009, NSPW '09.

[9]  David W. Binkley,et al.  Program slicing , 2008, 2008 Frontiers of Software Maintenance.

[10]  Michael Franz,et al.  Runtime Defense against Code Injection Attacks Using Replicated Execution , 2011, IEEE Transactions on Dependable and Secure Computing.

[11]  F. J. Corbat INTRODUCTION AND OVERVIEW OF THE MULTICS SYSTEM , 2010 .

[12]  John Aycock,et al.  A brief history of just-in-time , 2003, CSUR.

[13]  Stephanie Forrest,et al.  Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[14]  Phil Winterbottom,et al.  The design of the Inferno virtual machine , 1997 .

[15]  Algirdas Avizienis,et al.  The N-Version Approach to Fault-Tolerant Software , 1985, IEEE Transactions on Software Engineering.

[16]  Dawson R. Engler,et al.  The exokernel operating system architecture , 1998 .

[17]  Vasanth Bala,et al.  Dynamo: a transparent dynamic optimization system , 2000, SIGP.

[18]  Lorenzo Martignoni,et al.  A Framework for Behavior-Based Malware Analysis in the Cloud , 2009, ICISS.

[19]  Rob Pike,et al.  The Styx® architecture for distributed systems , 1999, Bell Labs Technical Journal.

[20]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[21]  Herbert Bos,et al.  Paranoid Android: versatile protection for smartphones , 2010, ACSAC '10.

[22]  Alec Wolman,et al.  The structure and performance of interpreters , 1996, ASPLOS VII.

[23]  James A. Gosling,et al.  The News Book: An Introduction to the Network/Extensible Window System , 1989 .

[24]  David H. Ackley,et al.  Randomized instruction set emulation to disrupt binary code injection attacks , 2003, CCS '03.

[25]  Michael Franz,et al.  Slim binaries , 1997, CACM.

[26]  Mihai Chiriac TALES FROM CLOUD NINE , 2009 .

[27]  Shirley Dex,et al.  JR 旅客販売総合システム(マルス)における運用及び管理について , 1991 .

[28]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[29]  Alan Jay Smith,et al.  Branch Prediction Strategies and Branch Target Buffer Design , 1995, Computer.

[30]  Alessandro Forin,et al.  UNIX as an Application Program , 1990, USENIX Summer.

[31]  Martín Abadi,et al.  Host Fingerprinting and Tracking on the Web: Privacy and Security Implications , 2012, NDSS.

[32]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[33]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[34]  Derek Bruening,et al.  Secure Execution via Program Shepherding , 2002, USENIX Security Symposium.

[35]  John Aycock,et al.  Spyware and Adware , 2010, Advances in Information Security.

[36]  Tibor Gyimóthy,et al.  Survey of code-size reduction methods , 2003, CSUR.

[37]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[38]  Harold W. Thimbleby Can viruses ever be useful? , 1991, Comput. Secur..

[39]  Dusko Pavlovic,et al.  Gaming security by obscurity , 2011, NSPW '11.

[40]  James P Anderson Computer Security Technology Planning Study. Volume 2 , 1972 .

[41]  Farnam Jahanian,et al.  CloudAV: N-Version Antivirus in the Network Cloud , 2008, USENIX Security Symposium.

[42]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .

[43]  David H. Ackley,et al.  Randomized instruction set emulation , 2005, TSEC.

[44]  Andrew C. Myers,et al.  Secure program partitioning , 2002, TOCS.

[45]  Michael Norrish,et al.  seL4: formal verification of an operating-system kernel , 2010, Commun. ACM.

[46]  Andrew S. Tanenbaum,et al.  Operating systems: design and implementation , 1987, Prentice-Hall software series.

[47]  Steffen Rothkugel,et al.  World Wide Web caching: the application-level view of the Internet , 1997, IEEE Commun. Mag..

[48]  Narayanan Vijaykrishnan,et al.  OS-Aware Branch Prediction: Improving Microprocessor Control Flow Prediction for Operating Systems , 2007, IEEE Transactions on Computers.

[49]  John Aycock,et al.  Computer Viruses and Malware , 2006, Advances in Information Security.

[50]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[51]  Christos Gkantsidis,et al.  Planet scale software updates , 2006, SIGCOMM '06.

[52]  James R. Larus,et al.  Broad New OS Research: Challenges and Opportunities , 2005, HotOS.

[53]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[54]  Christopher W. Fraser,et al.  Bytecode compression via profiled grammar rewriting , 2001, PLDI '01.

[55]  R. M. Fano,et al.  Some thoughts about the social implications of accessible computing , 1899, AFIPS '65 (Fall, part I).

[56]  Angelos D. Keromytis,et al.  On the General Applicability of Instruction-Set Randomization , 2010, IEEE Transactions on Dependable and Secure Computing.

[57]  Nancy Paterson,et al.  Walled gardens: the new shape of the public internet , 2012, iConference '12.

[58]  Angelos D. Keromytis,et al.  Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[59]  Eugene Agichtein,et al.  Ready to buy or just browsing?: detecting web searcher goals from interaction data , 2010, SIGIR.