
Symbiotic Embedded Machines




Abstract: We propose a biologically inspired, host-based defense mechanism which we call “Symbiotic Embedded Machines” (SEM). SEM, or simply the Symbiote, is a code structure which mimics the biological phenomenon of Defensive Mutualism, and stealthily resides within, but is autonomous from, its host program. Unique instantiations of the same Symbiote are functionally equivalent but are polymorphically mutated and injected into the host program in a randomized fashion. The Symbiote tightly co-exists with arbitrary host executables in a mutually defensive arrangement, sharing computational resources with its host while simultaneously protecting the host against exploitation and unauthorized modification. Unauthorized removal or deactivation of the Symbiote renders the host code inoperable and is infeasible through online attacks. The Symbiote can reside within any arbitrary body of software, regardless of its place within the system stack. Indeed, the same defensive Symbiote can be used to protect device drivers, the kernel, as well as userland applications and even other Symbiotes. In this paper we describe the generalized concept of Defensive Mutualism and demonstrate the potential of Symbiotes using a proof-of-concept implementation that protects network routers. We demonstrate the operation of a generic whitelist-based rootkit detector Symbiote injected in situ into Cisco IOS with negligible performance penalty and without impacting the router's functionality. This proof-of-concept Symbiote is invisible to the host device's OS and is OS agnostic. We discuss the performance overhead of our Symbiote on physical Cisco hardware. Our MIPS implementation of the Symbiote used for IOS has been ported to ARM and injected into a Linux 2.4 kernel, allowing the Symbiote to potentially operate within Android as well as a multitude of mobile computing devices. The installation of a Symbiote onto Cisco IOS is fully automated and has been demonstrated on multiple IOS images.
The use of Symbiotes represents a practical and effective protection mechanism for a wide range of devices.