Cyberspace Mimic Defense: Generalized Robust Control and Endogenous Security

Wu, Jiangxing

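  • Publisher: Springer
  • Publication date: 2019-12-19
  • List price: $8,720
  • VIP price: $8,284 (95% of list price)
  • Language: English
  • Pages: 735
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 3030298434
  • ISBN-13: 9783030298432
  • Related category: Information security
  • Overseas special-order book (must be checked out separately)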

Product description

This book discusses uncertain threats, which are caused by unknown attacks based on unknown vulnerabilities or backdoors in the information system or control devices and software/hardware. Generalized robustness control architecture and the mimic defense mechanisms are presented in this book, which could change "the easy-to-attack and difficult-to-defend game" in cyberspace. The endogenous uncertain effects from the targets of the software/hardware based on this architecture can produce magic "mimic defense fog", and suppress in a normalized mode random disturbances caused by physical or logic elements, as well as effects of non-probability disturbances brought by uncertain security threats.
Although progress has been made in the current security defense theories in cyberspace and various types of security technologies have come into being, the effectiveness of such theories and technologies often depends on the scale of the prior knowledge of the attackers, on the part of the defender and on the acquired real-timing and accuracy regarding the attackers' behavior features and other information. Hence, there is a lack of efficient active defense means to deal with uncertain security threats from the unknown. Even if the bottom-line defense technologies such as encrypted verification are adopted, the security of hardware/software products cannot be quantitatively designed, verified or measured. Due to the "loose coupling" relationship and border defense modes between the defender and the protected target, there exist insurmountable theoretical and technological challenges in the protection of the defender and the target against the utilization of internal vulnerabilities or backdoors, as well as in dealing with attack scenarios based on backdoor-activated collaboration from both inside and outside, no matter how augmented or accumulated protective measures are adopted. Therefore, it is urgent to jump out of the stereotyped thinking based on conventional defense theories and technologies, find new theories and methods to effectively reduce the utilization of vulnerabilities and backdoors of the targets without relying on a priori knowledge and feature information, and to develop new technological means to offset uncertain threats based on unknown vulnerabilities and backdoors from an innovative perspective.
This book provides a solution both in theory and engineering implementation to the difficult problem of how to avoid the uncontrollability of product security caused by globalized marketing, COTS and non-trustworthy software/hardware sources. It has been proved that this revolutionary enabling technology has endowed software/hardware products in IT/ICT/CPS with endogenous security functions and has overturned the attack theories and methods based on hardware/software design defects or resident malicious codes.
This book is designed for educators, theoretical and technological researchers in cyber security and autonomous control and for business technicians who are engaged in the research on developing a new generation of software/hardware products by using endogenous security enabling technologies and for other product users. Postgraduates in IT/ICT/CPS/ICS will discover that (as long as the law of "structure determines the nature and architecture determines the security" is properly used), the problem of software/hardware design defects or malicious code embedding will become the swelling of Achilles in the process of informationization and will no longer haunt Pandora's box in cyberspace. Security and opening-up, advanced progressiveness and controllability seem to be contradictory, but there can be theoretically and technologically unified solutions to the problem.

About the author

Jiangxing WU serves as the Director of China National Digital Switching System Engineering & Technological R&D Center. He was elected as a Fellow of China Academy of Engineering in 2003. As a renowned expert in information & communication and network switching in China, he has played an important role in China and worked as the Vice Director in the communication section and the Vice Director of the Expert Board in the information section in the 8th, 9th, 10th and 11th Five-year Plans of China National High-tech R&D Program (863 Program); he has been the General Director of the High Speed Information Demonstration Network (CAINONet), 3TNet, the Next Generation Broadcasting Network (NGB) and the New Concept High-efficient Computer System and Architecture R&D. He took charge of the New Generation High Credibility Network and Flexible Reconfiguration Network and served as the Director of the Technical Board of the Mobile Communication for the National Key Technologies R&D Program and the First Vice Director of the Expert Board of the National Tri-network Convergence Committee. From the 1990s, after the great success of the first high capacity Digital SPC Switching System in China, Jiangxing Wu successively presided over the development of the first high-speed core router in China, the world's first massive Access Convergence Router (ACR) and information communication core infrastructure of the Flexible Reconfiguration Network. In 2013 he first launched the high-efficient computer prototype based on Mimic Computing and the theory of Cyberspace Mimic Defense, which went successfully through the test and assessment in 2016. He was awarded the First Prize for National Science and Technological Progress three times and the Second Prize for the National Science and Technological Progress four times in addition to the First Prize of the National Teaching Achievement Award.
He received the Prize for Scientific and Technological Progress from Ho Leung Ho Lee Foundation in 1995 and the Prize for Scientific and Technological Achievements from the same foundation in 2015. Wu's team was awarded four times with the First Prize of the National Science and Technology Progress Award, nine times with the Second Prize of the National Science and Technology Progress Award and recognized in honor as the Innovation Team of State Science and Technology Progress Award in 2015.
