Academician Wu Jiang Xing: Robust Control and Endogenous Security

Traditional safety problems occur naturally. Non-traditional ones are man-made, such as the actions of hackers or other deliberate human interference, and at that point the problem becomes one of both safety and security. How is that security to be achieved? Generalized robust control is the means, and the effect obtained is endogenous security.

  Generalized robust control and the challenge of network security

  A generalized uncertainty disturbance is defined as follows: if the target object is subject not only to the traditional types of uncertain disturbance (e.g. reliability problems, physical failures) but also to unknown, man-made attack disturbances that exploit "dark functions" such as vulnerabilities and backdoors in the system's hardware and software, we call the whole a generalized uncertainty disturbance. It includes man-made disturbance through dark functions.

  Generalized uncertainty disturbances call for generalized robust control. Generalized robustness is defined as follows: a control structure is generalized robust if it maintains its given function or performance within the design margin under the conventional types of uncertain disturbance, and also maintains its given function or performance under uncertain attacks based on "dark functions" such as vulnerabilities and backdoors inside the system. A structure with this capability is said to have a "generalized uncertainty disturbance suppression" function, and can also be called a "generalized robust control structure."

  The origin of security problems in cyberspace

  Security flaws caused by hardware and software design defects or vulnerabilities cannot be completely avoided. Hardware and software code with "dark function" properties, introduced into the industrial ecosystem by product providers deliberately or inadvertently, cannot be completely eliminated. For the foreseeable future, the technology and methods needed to exhaustively examine a target system for logic problems and code defects are lacking. Cyberspace cannot be given strict rules of practice or a code of conduct backed by accurate, reliable means of supervision. Trying to solve these problems through legal means is unlikely to work.

  Traditional robust control structures cannot perceive in real time the influence of "known unknown" or "unknown unknown" non-traditional disturbances (Academician Wu Jiang Xing noted that this is an expression peculiar to the network security community), so traditional robust control has no ability to suppress generalized uncertainty disturbances. Traditional robust control has no way of handling generalized disturbances, and this is a worldwide problem.

  This is a problem of the industry, or ecosystem, of cyberspace: vulnerabilities or security flaws exist in the design, manufacture and use of hardware and software products. Because the generalized uncertainty inside hardware and software products cannot be controlled in real time, and with the rapid expansion of cyberspace, security threats have become pervasive and spread throughout cyberspace.

  So Pandora's box has been opened. This is the naturally occurring "Achilles' heel" of cyberspace. From chips to software components to devices, to the cloud, industrial control equipment and network routers and switches, with so much equipment we have to ask: is it trustworthy? Is it safe? Is it under robust control?

  As long as a complex control system or device has a single design flaw or has malicious code mixed in, the target object may suffer as a result. Lacking prior knowledge, we cannot perceive in real time either the hardware and software problems or the unknown attacks that exploit those code problems, and are forced into an "undefended" state. It is not that we do not want to build defenses; we cannot. The attacker has the advantage of "one-way transparency": he can see the buried vulnerabilities and mount concealed attacks that collude with what is inside. So hardware and software quality and security problems inevitably become the "Achilles' heel" of cyberspace.

  The current state of generalized robust control in IT / ICT information systems

  What existing robust control can do is robust control based on perceiving the characteristics of threats or disturbances. First, robust control depends on perception: information about the uncertain disturbance, such as the attack source, attack signatures, penetration path, attack behavior, attack mechanism and target environment, has to be obtained through real-time perception. Robust control must also satisfy real-time requirements. Because the target object's own hardware and software can neither perceive generalized disturbances nor use real-time robust control techniques to suppress unwanted internal disturbances, existing IT / ICT / ICS and other information processing or control systems do not have a generalized robust control function.

  The effectiveness of add-on defense depends on the completeness and accuracy of prior knowledge and perception. It is remedial, a kind of acquired immunity, and this remains so even if dynamic defense (the moving target defense proposed by the Americans) or encryption and authentication mechanisms are introduced. Against attacks that penetrate from the inside on the basis of a backdoor function, both are powerless: dynamic defense and encryption and authentication cannot help, because the attack is collusion from inside.

  Add-on defense systems themselves generally do not have generalized robust control either. So there are two problems: the object to be protected has no generalized robust control function, and neither does the system guarding it. The security system is itself insecure.

  The dilemma of lacking generalized robust control

  First, hardware and software cannot be designed with "no vulnerabilities or backdoors". Second, without the support of prior knowledge, we do not know what counts as "disturbance behavior" to intercept and block, or which disturbance behavior is unacceptable. Third, under the "one-way transparent" condition, vulnerabilities and backdoors can easily be used to target and lock onto a system, unless it has dynamic defense capability. Fourth, concealed "colluding" attacks can easily bypass any form of add-on defense, including encryption and cryptography, because the encryption algorithms run on a CPU or chip, and no one knows whether that has problems.

  The more hardware and software products lack generalized robust control, the harsher the related industrial ecosystem becomes, and cyberspace is caught in an unavoidable vicious circle. To make matters worse, because this is a recognized worldwide problem and real-time perception is not possible, hardware and software providers around the world need not worry about being held responsible for security problems caused by quality defects in their products. Has Microsoft ever paid compensation for its vulnerabilities? Recalled a product? Has anyone heard of Intel paying compensation for its shortcomings? In the world of commodities, manufacturers are responsible for product quality problems, yet on this point no IT manufacturer can be held responsible for the security quality of its products. Of course, it is not that they are unwilling to be responsible; as long as the worldwide problem is unsolved, there is no way to be responsible. Therefore "Pandora's box" is open both in concept and in fact.

  Core network security space is always flies bite seam eggs, core or internal cyberspace security issues, "not to force", neglect of resistance. There is no way to solve this problem, such as a relatively correct perception of axioms and uncertain disturbances.

  This is groping in the dark. "Unknown" and "uncertain" belong, in the philosophical sense, to the category of the relative, because of the limitations of our perceptual space and cognitive means. Before humans invented the microscope, we did not know what viruses and bacteria were; before we built the space telescope, we did not know the Earth goes around the sun. The scope of the unknown and the uncertain is relative.

  Everyone has this or that shortcoming, but when people accomplish the same task independently, it rarely happens that most of them make exactly the same mistake in the same place at the same time. This is an axiom; I named it the "relatively correct" axiom. It has a precondition: for each individual member, completing the task independently is a high-probability event and being unable to complete it is a low-probability event (a blind person is not asked to do something he cannot do). There must also be no collusion or collaborative cheating. Only in this case does the relatively correct axiom hold.

  From this axiom we draw several corollaries.

  Corollary 1: seen at the level of individual members, shortcomings and mistakes are diverse and uncertain; but when members accomplish the same task independently, seen at the group level they rarely make exactly the same mistake at the same time and on the same occasion, and this tendency can be expressed as a probability. That is, the uncertain becomes expressible as a probability. As long as the members share no common defect and there is no "private collusion" between them, then in scenarios where the relatively correct axiom applies, the uncertain behavior of individuals can be perceived at the group level in a relatively correct, determinate way. The relatively correct axiom converts an uncertain thing into a relatively determinate one.

  Corollary 2: relative correctness has a superposition property like that of quantum states. The result of relatively correct perception is only relatively correct: that the perceived result is correct is a high-probability event, and that it is incorrect is a low-probability event. Right and wrong coexist in the perceived result, just with different probabilities.

  Corollary 3: the "confidence" of the perceived result is strongly associated with the following factors: the number of members operating independently (redundancy); the differences between the participating members (degree of heterogeneity); the level of detail (how many items or indicators the task's questionnaire contains, such as the decision table and the sample space); and how the items are selected and combined (drop the highest and lowest scores, take the middle value, or apply weights), which is the voting policy.

  Corollary 4: the nature of a perception problem can be changed by transforming the scenario. We move from a single space to a multidimensional space, from a homogeneous processing scenario to functionally equivalent multi-scenario processing, from the subjective perception of an individual to the relative perception of a group, and from attention to local effects to attention to the global situation. After these transformations, what was previously unknown and uncertain may become known and determinate: the perception scenario, the perception means and the perception conditions have changed, and so the nature of the perception problem has changed. A disturbance that could not be perceived in the original scenario can thus be turned into a perception problem with probabilistic properties in a functionally equivalent, relatively correct scenario.

  The practical application of the axiom to perceiving uncertain failures in equivalent scenarios is called the dissimilar redundant architecture (DRS). The architecture rests on two constraints: uncertain physical failure of the various parts of the system is a low-probability event, and uncertain disturbance caused by design flaws in the components is a low-probability event. When both constraints hold, uncertain disturbances caused by component failures or design defects can be converted, in a functionally equivalent, heterogeneous redundant scenario, into a system-level quality and robustness question that can be expressed and judged as a relative probability.

  This structure has been applied maturely on the B-777 and F-16 aircraft. Where component reliability was insufficient, the problem was solved through innovation in structure: the system failure rate can be held below 10⁻¹¹ and 10⁻⁸. None of the flight control system components reached this level at the time, but the system built with this structure did. This is relative correctness in practice: it converts uncertainty and the unknown into a controllable probability problem.

  Structure determines security: the mimicry structure and the endogenous security effect

  Structure determines security. Regardless of what vulnerabilities, backdoors, Trojans or viruses are in A1, A2 or Ai, and regardless of their behavioral characteristics, as long as they cannot simultaneously produce identical errors in all or a majority of the output vectors, the multimode voting system will detect and intercept them. Two problems that previously could not be normalized, uncertain failure, which is a physical problem, and uncertain threat, which is a man-made problem, are thereby normalized. This normalization produces an endogenous security mechanism: known or unknown individual attacks, and determinate or indeterminate disturbance factors, are perceived by the DRS structure as a reliability problem with controllable probability. We are very generous heart to getting things.

  The limitation of the endogenous security mechanism of traditional DRS voting is that, because its configuration, components and mechanisms are determinate and static, it cannot deal with "cooperative cheating" or "trial and error" attacks. Now vote in radiation UI. Against cooperative cheating, its endogenous security mechanism does not have stability robustness. So what do we do? We transform it. Given an input sequence and m heterogeneous executors with no stability robustness, we transform the structure into a dynamic heterogeneous redundancy (DHR) architecture by adding negative feedback and a feedback controller. What does this add? Under certain conditions the structure has uncertainty, stability, asymptotically convergent adjustment and unchanging dynamic characteristics, which gives a robust stabilization function against "trial and error / coordinated" attacks: DHR can cope with coordinated attacks and trial-and-error attacks because its mechanism does not permit them. The DHR structure has a normalizing effect. Whether the cause is a random differential-mode failure inside the target object (hardware) or an unknown differential-mode attack, whether the attack penetrates from inside on the basis of the target's dark functions or comes from outside, whether it is a traditional uncertain disturbance or a non-traditional unknown security threat, all are converted into problems of stability robustness and quality robustness and dealt with as such.

  Visualizing the mimicry structure. Given a target object whose service function is unchanged while its running scenario is in an uncertain state, an uncertain attack on any individual executor is first perceived by the mimicry structure as a relatively correct event at the group level, and can then be converted into an event with controllable reliability. This is the endogenous effect: under non-cooperative conditions, a coordinated attack has to hit multiple dynamic targets consistently. An attacker using one vulnerability or backdoor, or several, must produce consistent results; a single flaw is of no use, because the mechanism has already ruled such an attack out. So the generalized robust control property of the mimicry architecture can carry a service that is highly reliable, highly credible and highly available, a trinity, particularly in industrial control systems, which cannot have too many firewalls, intrusion detection and intrusion tolerance systems attached. We can solve this problem with the trinity mimicry architecture, without add-on measures.

  Robust control mechanism

  Through a scheduling strategy, the mimicry community is given its input conditions via an input proxy; each executor does things differently, with different algorithms; the outputs are arbitrated, the arbitration status is fed back, and whatever is found unsuitable is swapped out. Under this mechanism the scheduling principle is to meet each attack threat with a suitable defense scenario. A mimicry environment does not aim to bring problems to zero but to get away from them quickly. As the saying goes, soldiers are met with generals and water is stopped with earth; nothing is a panacea, and when scenario A does not work, scenario B may. The mimicry structure converts unknown threats and disturbances into the probability that a majority within the mimicry community make the same error at the same time, that is, into a reliability problem. This is the most important discovery of the mimicry structure.
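  The dispatch, arbitration and feedback loop described above and in the DHR discussion, as an added Python example (not from the original talk or from any mimicry product). The checksum service, the executor names, the constructed flaw and the quarantine-and-replace policy are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Executor = Callable[[bytes], int]

# Service function (constructed for this example): 8-bit additive checksum.
# The executors are functionally equivalent but built differently.
def exec_loop(data: bytes) -> int:
    total = 0
    for b in data:
        total = (total + b) % 256
    return total

def exec_builtin(data: bytes) -> int:
    return sum(data) & 0xFF

def exec_reversed(data: bytes) -> int:
    total = 0
    for b in reversed(data):
        total = (total + b) & 0xFF
    return total

def exec_flawed(data: bytes) -> int:
    # Constructed hidden flaw ("dark function"): inputs that start with
    # 0xFF get a wrong answer; every other input is handled correctly.
    if data[:1] == b"\xff":
        return 0
    return sum(data) % 256

@dataclass
class DHR:
    pool: Dict[str, Executor]          # all heterogeneous executors
    m: int = 3                         # executors online per request
    online: List[str] = field(default_factory=list)
    standby: List[str] = field(default_factory=list)
    quarantined: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        names = list(self.pool)
        self.online, self.standby = names[: self.m], names[self.m:]

    def serve(self, data: bytes) -> Optional[int]:
        # Input proxy: every online executor receives the same request.
        outputs = {name: self.pool[name](data) for name in self.online}
        # Arbitration: strict majority vote over the output vector.
        value, votes = Counter(outputs.values()).most_common(1)[0]
        if votes * 2 <= len(outputs):
            return None                # no majority: fail closed
        # Feedback: swap out every executor that disagreed with the ruling.
        for name in [n for n, out in outputs.items() if out != value]:
            self.online.remove(name)
            self.quarantined.append(name)
            if self.standby:
                self.online.append(self.standby.pop(0))
        return value

def demo_single_flaw():
    """One flawed executor among three: masked by the vote, then replaced."""
    dhr = DHR({"loop": exec_loop, "flawed": exec_flawed,
               "builtin": exec_builtin, "reversed": exec_reversed})
    normal = dhr.serve(b"hello")       # all executors agree
    trigger = dhr.serve(b"\xff\x02")   # only the flawed executor dissents
    return normal, trigger, dhr.online, dhr.quarantined

def demo_common_mode():
    """Two executors share one flaw, so the independence precondition of the
    relatively correct axiom is broken and the vote ratifies the error."""
    dhr = DHR({"flawed_a": exec_flawed, "flawed_b": exec_flawed,
               "loop": exec_loop})
    return dhr.serve(b"\xff\x02"), dhr.quarantined

if __name__ == "__main__":
    print(demo_single_flaw())
    print(demo_common_mode())
```

  The second demo shows the limit the axiom itself states: when a majority of the online executors share one flaw, the vote returns the wrong output and it is the correct executor that gets removed.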

  Uncertainty effect. The mimicry structure also has this property: any probing, trial-and-error attack or disturbance may change the current service scenario, much as in the uncertainty principle. This differs in mechanism from brute-force cracking of the kind used on passwords, because it is a physical problem, not a computational one. The generalized robust control mechanism produced by the mimicry structure depends neither on prior knowledge of the attacker or information about behavioral characteristics, nor on the effectiveness of add-on or external defenses. It is an endogenous security effect that the mimicry structure has in its own right, not something deliberately bolted on. The goal of endogenous security is that the target object can cope with determinate risks and uncertain threats caused by dark functions such as vulnerabilities and backdoors. The effectiveness of the endogenous security mechanism is independent of any external means of defense or prior knowledge and does not take safe and reliable system hardware and software as a precondition, which suits economic globalization and an open environment. It resists both external attack and inside jobs; the security system can be managed and controlled; and it naturally integrates add-on security measures to obtain a super-nonlinear defense effect. Add-on defensive measures increase its heterogeneity, and if the heterogeneity between executors tends to infinity, its security tends to infinity. It provides the trinity of high reliability, high credibility and high availability in service and control functions. Unlike traditional encryption and authentication, which collapse once cracked, an attack on it succeeds only that once even when it does succeed, and with very low probability.

  Therefore security can be designed to a calibrated level, and generalized robustness can be verified and measured. The number of mimicry defense scenarios, the dissimilarity between them, the richness of the multimode output vector, the arbitration space and arbitration strategy, the settings of the mimicry community, the multidimensional reconfiguration and scheduling strategies, and the robust control algorithm can all be used to adjust the probability. The stability robustness and service quality robustness of the mimicry structure can be designed to a calibrated level and can be verified and measured with classical reliability theory and injection testing methods, without relying on hackers to test it.

  To date, no network security device or information service apparatus, including dynamic defenses represented by moving target defense (MTD), encryption and authentication, and trusted computing as a bottom line of defense, can undergo generalized robustness injection testing and measurement (white box). The DHR structure is built on cross-disciplinary theoretical and technological innovation: it takes the relatively correct axiom as its core, systems engineering theory as its main thread, the dissimilar redundant architecture and robust control as its theory and technology, and reliability verification theory and methods as its means of qualitative and quantitative testing and evaluation. Mimicry solves the problem that quantitative testing was not possible: its effect can be expressed as a probability. The mimicry structure is intensive in effect: it integrates active and passive defense, endogenous security and reliability, service delivery and security, and anti-infiltration and anti-external-attack.

  Mr. Qian Lao's systems theory has had a great influence on me. The mimicry structure forms its security effect through endogenous mechanisms, which opens up a way, based on systems engineering theory and methods, to achieve systems that are self-controlled, safe and reliable.

  Of course, mimicry requires heterogeneous executors, and these bring redundancy and increase size, cost, power consumption and design complexity, so innovation is needed on that side as well. But under the same conditions a mimicry system has an unparalleled overall cost advantage over a conventional system with the same functions and properties. At the very least there is no 0day problem, no vulnerability database to update, no virus database to revise and no anti-virus software to upgrade. To obtain these conditions, mimicry needs to rely on hardware and software diversity, diversified supply chains and a fast formula industry environment.

  How to ensure one yuan of reciprocity in an open environment is both a scientific problem and a technical problem. In any case, different fields face different challenges in implementing the technology, and both theory and practice still need continued improvement or further innovation.

  NSFC innovation group project to study network security and defense mechanisms of the body as an innovator. Last December 18, Science Press published "Introduction to cyberspace mimicry defense"; the book overturns, at the level of theory, method and proof of principle, the current attack theory and methods built around hardware and software code defects of the target object. A key national development plan, the advanced defense technology testing ground, consists entirely of mimicry network equipment, and will completely offset the "one-way transparent" strategic advantage that technology pioneers and market monopolists obtain through hidden loopholes and implanted Trojans. Another key national research and development program, endogenous active defense security for industrial systems, focuses on using the mimicry structure to transform and upgrade industrial technology products, to solve the general lack of endogenous defense in industrial systems, to end the underground black market of attack services and hacker attacks, and to build, for the Industry 4.0 and Made in China 2025 era, a new generation of industrial control systems and equipment with trinity endogenous "three highs" security.

  Pilot demonstrations are under way in network infrastructure, the military, operators, control, e-commerce and the financial sector, and some time ago the mimicry domain name server was formally launched. The prospects for mimicry are very bright. It is a structural gene that can permeate chips, modules, open source software and hardware, intermediate platforms, systems and networks; it is universal, inheritable and intensive in effect, and it has a fission effect. Thus the theory and method of the mimicry structure break through the problem that hardware and software "dark functions" cannot be recognized or controlled, and give hardware and software products that apply generalized robust control a way to shield possible security flaws.

  Studying the General Secretary's "two wings, two-wheel drive" development strategy, this provides an innovative driving force for civil-military integration, for the new generation of information technology industries, for overtaking by changing lanes, and for a dynamic market. In the IT / ICT / ICS / CPS and related technology industries, China is expected to become a leader in technology.

  The core intellectual property rights, including patents at home and abroad, are licensed free of charge to member units of the mimicry technology and industry innovation alliance. This is a new form of intellectual property licensing: those authorized work on the basis of shared IP, and the latter retains only the right to profits and voluntarily gives up individual rights of implementation, in order to ensure exclusivity. More than 60 units have already signed the core licensing agreement. The mimicry structure has a very wide range of applications and leaves enough room for a large amount of technological innovation, so as to attract as many market participants as possible, domestic and foreign, into the innovation and development of the mimicry technology industry.

  Calibration and Verification

  A generalized mimicry structure normally only adds robustness to a product, so all existing product specifications and standards still apply: a router, for example, is first tested according to the Ministry standard, and its generalized robustness is measured after that test is finished. The standards or specifications for the incremental function and performance of mimicry defense are issued and approved by the State Secrecy Bureau, whose product testing center is responsible for type testing against the relevant standard. Technical standards and testing standards led by an authoritative State body keep the market healthy: a product that passes the test is mimicry, and one that does not pass is not. The mimicry structure is separate from the service and control system; for the Internet today, mimicry is just a structure added behind it, so owners of the technology have a first-mover advantage in applying the innovation.

  There is also commercial leverage. Because the generalized robustness of a mimicry product is designed to a calibrated level and measured verifiably, it falls within the range of actuarial probability and meets the basic requirements of insurance services. The next step, then, is simply to register the generalized robustness of each type of mimicry product on an actuarial basis. Once products pass certification at the State Secrecy Bureau testing center, the insurance industry is willing to provide the related insurance, including reinsurance. We can use insurance as a lever for industrial development and to promote the application of mimicry technology.

  With the support of the insurance industry, mimicry products will gain a first-mover advantage in the market and force products without generalized robust control to upgrade as soon as possible. Once someone offers a mimicry firewall and you are still using a traditional firewall, users will certainly not go with you, because the mimicry firewall is backed by an insurance company and yours has no insurance. The insurance industry thus opens up a channel for IT / ICT / ICS technology products and control devices: our disruptive technology gives the insurance industry leverage, the insurance industry helps develop the incremental network security market, and market demand nurtures the maturing and development of the new technology.

  This is our road map for industrial development. I boldly predict that an "avalanche" will take place in the traditional IT industry: driven by this network development strategy, a new generation of hardware and software products with generalized robust control and endogenous security attributes will rise rapidly and cause a "reshuffle" of the existing market pattern.

Source: Civil-Military Integration and Technological Innovation Information Platform


Origin www.cnblogs.com/meandme/p/11936055.html