From: Tyler Robison (trobison@cs.washington.edu)
Date: Tue Nov 30 2004 - 23:48:23 PST

This paper begins by describing the Code Red I, Code Red II and
Nimda worms, and then proceeds to consider theoretical worms which could
be much more dangerous, and could spread much more quickly; for these
theoretical worms it suggests a few techniques that could be used in their
design to be faster and more efficient in their task. The paper then
turns to another type of worm, the contagion, and then moves on to ways
that the worm's designer could control and update the worms remotely, via
existing encryption techniques, without letting others do the same.
Finally the paper describes, on a very abstract level, how a 'Center for
Disease Control' could be established to watch for outbreaks and take care
of them.

The bulk of the paper is spent trying to convince the reader that
the internet is very much vulnerable to certain sophisticated attacks,
that such attacks could cause incredible damage both financially and in
terms of national security, and that any day now some new and terrible
worm will emerge and cause enormous damage, and it does a fairly effective
job of it. In my opinion the authors are a bit too paranoid, or possibly
they want to spread paranoia to the reader, and while these theoretical
attacks are possible, they aren't necessarily likely to occur.
Nonetheless, that they could happen, and that the Internet really isn't
prepared for such things, is a bit troubling, so the issue is worth
consideration.

The suggested solution of the CDC sounds reasonable, but there are
definite issues concerning privacy that they mention but don't really
explore. For the CDC to be effective it would need to have numerous
machines scattered about, some secret, collecting data on Internet
traffic, trying to detect worm activity, but once something like this is
in place it could easily be used for monitoring traffic for other
purposes, and it could likely go entirely undetected. They don't really
discuss ownership and management of the system much, but there are
potential issues of trust involved with having a single body in charge of
the system.

The CDC certainly feels like the purpose of the paper, as
everything else really just leads up to it, but since only a very abstract
version of the CDC is given, it's hard to comment on it in detail. The
theoretical worm material is substantial, but it is really just used to
motivate the CDC, or at least to motivate some security measures; they are
certainly not designing worms for their own sake. As such, a more
in-depth plan for the CDC should have been suggested. There are numerous
issues that would need to be addressed, such as what happens if a computer
in the CDC is compromised. There would need to be systems in place to
detect such an event and in some way deal with it.