Mobile Devices Are Mobile Code
By Michael Nygard, Mon Oct 09 00:00:00 GMT 2000

Almost every corporate network today looks like a vast, sprawling amoeba. A handful of firewalls (sometimes just one!) defend the interior of the amoeba from the harsh environment. Damage containment inside the amoeba is virtually unheard of. An intruder with access to the network and two floppies can collect every server and database password in the company. And Bluetooth can provide just that access.


Inside the protective cell wall, the viral DNA begins to subvert the cell's infrastructure. The original nucleus still functions, busily transcribing base sequences into messenger RNA, completely unaware that the invading DNA is also encoding its own proteins. A biological virus consists of a protein coating and a strand of dormant DNA material protected by the protein. Most of the time, this virus is completely inert. Like a spring-loaded bear trap, however, part of the protein awaits a trigger. Once triggered by contact with a cell wall, the protein unfolds, piercing the cell wall and injecting the previously inert DNA into the cell.

Cells use the classic "pie crust" defense model. The cell wall exists to keep the cell in and intruders out, but once the outer perimeter has been breached, there is no damage containment whatsoever. One virus can compromise and subvert the entire cell. In a multicellular organism (like us), losing a few million cells is a mere annoyance. Damage within a single cell is complete, but the damage is confined to that cell. (Except of course for the millions of copies of the virus that get released!) To an amoeba, it's a different story.

Almost every corporate network today looks like a vast, sprawling amoeba. A handful of firewalls (sometimes just one!) defend the interior of the amoeba from the harsh environment. Some networks have internal firewalls, so maybe they are like multicellular colony organisms.

Damage containment inside the amoeba is virtually unheard of. Compromise of the cheapest, lowest class PC on the network will eventually hand over the keys to the data warehouse. An intruder with access to the network and two floppies can collect every server and database password in the company. Since many of these exploits are passive, the "nucleus" might remain unaware of the viral DNA for a long, long time.

Maintaining the piecrust defense is hard today, thanks to those pesky users. If all the users stopped downloading "elf bowling" Trojan horses, and they stopped opening email attachments, and they stopped installing ActiveX controls (better yet, if they simply went away), then the piecrust might work. As it is, the piecrust is more porous than a sponge. (I love mixing metaphors: the modern corporate network is an amoeba pie with a spongy crust!)

How much worse would the amoeba fare if its cell wall were supposed to accept some viruses, but not others? Think about network ports in conference rooms; here is an open connection, inside the firewall, just waiting to be abused. More and more facilities provide network access for visitors, as a courtesy. The amoeba opens its arms (err, pseudopods) to DNA of unknown origin. Since most of that foreign DNA just runs PowerPoint, it usually isn't too harmful. We usually think about network security at the level of abstract connections of electrons or photons. This mundane aspect of physical security is just as important, though.

Today, strange people jacking into conference room ports are pretty conspicuous. Two trends are going to change that. Thanks to Bluetooth, we will have spontaneous, invisible, wireless networks. The viral penetration won't even be noticed until long after the foreign DNA is injected. Second, most people are now carriers of (potential) viral material: PDAs and cell phones. These are the protein sheaths that protect and inject the viral DNA.

I can walk right into the heart of the amoeba carrying any foreign code I can load into 8 megabytes of memory, which is quite a lot. I can inject it directly into the center of the cell, where it can operate invisibly using the cell's own infrastructure.

What defenses can the cell employ?

It can ban viruses. This impractical idea is unlikely to be enforced, and unlikely to be 100% effective. Imagine eliminating the common cold by banning the rhinovirus!

It can prevent the injection of the foreign DNA (Bluetooth security). This seems to be the preferred alternative, but it is unlikely to work in the long run. Why? Because this security must prevent every attempted breach, every day, forever. It has to get lucky every day. Like terrorists, viruses only have to get lucky once. Once Bluetooth security (or any other kind) is broken, it is broken forever.

It also can prevent the foreign DNA from doing anything damaging. As with JavaScript security holes in Web browsers, this method is doomed to a losing battle of breach, followed by patch, followed by another breach. There are simply too many access paths, too many states to test for security. In addition, any network that effectively limits the activity of code running on the network will not be useful to its users.

Further, it can abandon the piecrust defense and form internal barriers. Recognizing the certainty of penetration, it can create zones of damage containment, ensuring that the information one could gain by compromising any one compartment is not worth the risk. Some ideal compartment sizes would be one PC or one piconet. If this sounds like a costly strategy, it is.
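
To make the difference between the piecrust and internal barriers concrete, the following added example (not part of the original article) computes the worst-case "blast radius" of a single compromised host under each model. The host names and allowed flows are constructed for illustration, and the model assumes an intruder can take over any host the current host is permitted to talk to.

```python
from collections import deque

# Constructed sample network; host names are illustrative assumptions.
HOSTS = ["conf-room-port", "desk-pc-1", "desk-pc-2",
         "file-server", "data-warehouse"]

def piecrust_policy(src, dst):
    """Flat interior: inside the perimeter, every host can reach every other."""
    return src != dst

# Compartmentalized model: each PC is its own compartment, and only these
# explicitly listed (source, destination) flows may cross a boundary.
ALLOWED_FLOWS = {
    ("desk-pc-1", "file-server"),
    ("desk-pc-2", "file-server"),
    ("file-server", "data-warehouse"),
}

def compartment_policy(src, dst):
    """Internal barriers: deny by default, allow only the listed flows."""
    return (src, dst) in ALLOWED_FLOWS

def blast_radius(foothold, policy, hosts=HOSTS):
    """Return every host reachable from `foothold` by hopping host to host
    along flows the policy permits (breadth-first search)."""
    seen, queue = {foothold}, deque([foothold])
    while queue:
        current = queue.popleft()
        for candidate in hosts:
            if candidate not in seen and policy(current, candidate):
                seen.add(candidate)
                queue.append(candidate)
    return seen - {foothold}

if __name__ == "__main__":
    for name, policy in (("piecrust", piecrust_policy),
                         ("compartments", compartment_policy)):
        for foothold in ("conf-room-port", "desk-pc-1"):
            reached = sorted(blast_radius(foothold, policy))
            print(f"{name:12} foothold={foothold:15} reaches {reached}")
```

Under the compartment policy the conference room port reaches nothing, but a desktop still reaches the data warehouse through the file server, so allowed flows have to be reviewed as chains rather than one pair at a time.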

Our amoeboids may just have to evolve into higher forms to develop an immune system.

Michael Nygard is Chief Scientist at Javelin Solutions, where he analyzes emerging trends in the network economy. His experience runs the gamut, covering scientific, military, financial, educational, banking, and manufacturing applications. Michael is focusing on true integration of wireless devices in the enterprise.