Tom Temin So what are you trying here in cyber security that hasn’t been thought of already?
Howard Shrobe Well, actually, this is a very old idea. And the analogy would help if you think about the way we build ships. The goal, of course, is for them not to fill up with water. And so we try to build them with strong hulls that are hard to penetrate. But we don’t stop there. We also build it into compartments that can isolate the flow. So the analogy to software systems or to computer systems more generally is, the attackers may get in, but we don’t want them to be able to advance from one place to the next. And so this idea of compartmentalization has a realization by breaking systems up into small pieces, each of which executes only with the privilege it really needs to do its job. And that principle goes back a long, long time in computer science. But it’s always been impractical, in fact, to enforce it because the overhead is too high. So the approach we’re taking is to use novel computer architectures, novel extensions to current conventional architectures to make the enforcement easy.
Leave a reply