An Interview with a Computer Scientist
Anil Somayaji is fascinated by sex. Not the way most computer scientists – or people, in general – are. He is interested in sex from a defence standpoint. Somayaji and Saran Neti, one of his Master’s students, believe they have found a way to better defend the security of computer systems we rely on everyday. The answer: Sex.
Somayaji began his time at MIT in biology. After switching his major to math, he was on track to complete his undergraduate degree as a pre-med. That was when he began to explore different research fields.
The first field he found was called computational biology – a way of applying computers to analyzing biological problems. The Human Genome project is a classic example of work in this field, he said.
“I saw that and I thought…meh, kind of boring,” he said with a shrug. “But then there was this other field called artificial life.” This was a later offshoot of artificial intelligence that studied how to create computer systems with lifelike properties, he said. Today, this is a common thread that runs through Somayaji’s research. He studies the way computers programs work based on our knowledge of living systems.
For the purposes of the project he worked on during the summer, sex is the biological means of creating diversity. Diversity is very important to the security of a computer program. He used agriculture as an analogy. “If you grow a whole field of wheat and everyone is growing the same kind of wheat everywhere, when some disease comes along, it doesn’t just kill one field – it kills everyone’s field.”
As he explained, he erased several equations off the whiteboard and began drawing circles to demonstrate the host/vulnerability relationship, crisscrossing lines to show how – in the current model for programming – several host programs will have common vulnerabilities.
The trick is figuring out how many different kinds of programs (wheat) are necessary to ensure that they are no longer vulnerable to the same kinds of attacks (disease). Somayaji said often programmers are more focused on cutting down the total number of vulnerabilities. If they instead focused on making sure each program had different or obscure vulnerabilities, it wouldn’t matter if there were more of them – one attack couldn’t compromise the security of multiple programs. In other words, they wouldn’t lose all their wheat to one disease.
Somayaji is also working with some other students on automating the diversification process in programs. In plain English, they found a way to breed programs the way you would breed puppies. “How do you customize an animal?” he asked, “You don’t understand the way a dog works but you can still breed away yappiness.” If the research ever gets to a phase where it can be implemented, it will be possible to slightly modify the essential characteristics of a program without rebuilding (or even understanding) its source code – the most basic foundation for any program.
His thoughts on sex and diversity stem from, what he hypothesizes to be, the essential function of sex. For Somayaji, sexual reproduction is primarily a defence. Otherwise, it doesn’t make sense, he pointed out. Compared to asexual reproduction it is extremely wasteful. Simply speaking, “half of the population [men] can’t have offspring,” he said. “We reproduce every 20 years, bacteria reproduce every 20 minutes. In terms of an arms race they can beat us every time.” Unless, he chuckled, we have that diversity.
Though computer security is Somyaji primary interest, living systems can be very helpful for understanding other aspects of computer systems. For example, the way the brain and the immune system work can be thought of as a kind of computation he said. However, it would be an oversimplification to think of these systems as fleshy programs. Living systems are far more “contingent”– everything is naturally connected. Computer systems are the opposite – everything is separate except for the things that need to be connected. “That way we can understand what they do,” he said.
But computer programs aren’t always that simple. This is where Somayaji comes in. He’s trying to understand what computers do rather than what they can do. “Because when you’re dealing with millions of lines of code in systems, no human understands it,” he said. “We just know that it works.”