RESEARCH ARTICLE


Knowledge-Based Programming for the Cybersecurity Solution



Stuart H. Rubin*
Space and Naval Warfare Systems Center Pacific, San Diego, CA 92152-5001, USA


Article Metrics

CrossRef Citations:
0
Total Statistics:

Full-Text HTML Views: 1065
Abstract HTML Views: 602
PDF Downloads: 358
ePub Downloads: 162
Total Views/Downloads: 2187
Unique Statistics:

Full-Text HTML Views: 627
Abstract HTML Views: 427
PDF Downloads: 281
ePub Downloads: 114
Total Views/Downloads: 1449



© 2018 Stuart H. Rubin.

open-access license: This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International Public License (CC-BY 4.0), a copy of which is available at: https://creativecommons.org/licenses/by/4.0/legalcode. This license permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

* Address correspondence to this author at the Space and Naval Warfare Systems Center Pacific, San Diego, CA 92152-5001, USA; Tel: (619)553-3554; E-mail: stuart.rubin@navy.mil


Abstract

Introduction:

The problem of cyberattacks reduces to the unwanted infiltration of software through latent vulnerable access points. There are several approaches to protection here. First, unknown or improper system states can be detected through their characterization (using neural nets and/or symbolic codes), then interrupting the execution to run benchmarks and observe if they produce the states they should. If not, the execution can be rewound to the last successful benchmark, all states restored, and rerun.

Methods:

This will only work for cyber-physical systems that can be rewound. Benchmarks will often include sensory information. The second approach is termed, “semantic randomization”. This is similar to the well-known compiler technique known as “syntactic randomization”. The significant difference is that different variants of the algorithm itself are being automatically programmed. Cyberattacks will generally not be successful at more than one variant. This means that cybersecurity is moving us towards automatic programming as a desirable consequence. Knowledge-Based Software Engineering (KBSE) is the way to achieve automatic programming in practice.

Discussion:

There is non-determinism in the execution of such systems, which provides cybersecurity. Knowledge-based algorithmic compilers are the ultimate solution for scalable cost-effective cybersecurity. However, unlike the case for the less-secure syntactic randomization, the cost-effectiveness of semantic randomization is a function of scale. A simple randomization-based automatic programming method is illustrated and discussed.

Conclusion:

Semantic randomization is overviewed and compared against other technologies used to protect against cyberattack. Not only does semantic randomization itself, or in combination with other methodologies, offer improved protection; but, it serves as the basis for a methodology for automatic programming, which in turn makes the semantic randomization methodology for cybersecurity cost-effective.

Keywords: Automatic programming, Code benchmarks, Grammatical inference, Knowledge-Based Software Engineering (KBSE), Search control knowledge, Semantic randomization, Syntactic randomization.