THE NEW PARADIGM - INTRUSION FREE SOFTWARE

by BERNARD A HODSON

The Information Technology industry today is plagued by a variety of problems: insecure operating systems, viruses, worms, spam, identity theft, intrusion into personal systems, wireless data interception, satellite data interception, hackers. The costs to industry are high, and hackers and viruses have played havoc with business activity. Security threats to individuals, companies and countries are increasing. It is high time that we addressed potential solutions and acted upon those that offer the most promise. One possible solution is to develop hardware and software based on the ideas of Alan Turing, a British Scientist, who is regarded as the father of software.

Turing advocated a system made up of a finite and relatively small number of building blocks which could be used to construct any and all applications by linking together the building blocks needed to carry out the application. At first nobody believed it possible but the technique has been used on a smaller scale over the years and proven to be workable. The Turing building blocks were expected to be in machine language. In the approach described in this short article Turing's concepts have been significantly extended by developing a numeric code for each building block, resulting in a system which uses hardly any machine code, and which eliminates the need for an operating system.

The system is static, never changing, so offers nothing that can be used by hackers, virus generators and other nefarious individuals to intrude on personal or business systems. The architecture for such a system will now be described.

Expandable Language

Applications are built by using a simple set of rules which can be in any ethnic language. The statements describing an application are translated to a very concise string of unique numbers. This set of numbers is transferred to the system when complete. Any machine can be used to do the translation, and it could even be done manually, the rules being very simple. This part will be public domain and is completely independent of the target computer for the application. The implication, which is true, is that the string of number will run on any computer that has a run system based on the paradigm. Moreover, because of the condensed numeric structure hundreds of applications can be stored in a small memory space.

Run System

A virtual run system exists to process the string of numbers generated by the translation process. To do this it uses a numeric system which uniquely identifies every process needed within an application, making it very tiny. Only one or two thousand bytes are needed for an 8 bit RISC chip, three or four thousand bytes for a microcomputer with more functionality. The unique coding system makes for fast running applications. New capability can be added without affecting what has previously been developed.

The run system is static, no changes to the code occurring during a run, so that there is no possibility of intrusion. It is small enough that it should be capable of being proven error free. The run system consists of about 30 small segments in machine language, the number of modules depending on the functionality included. Most of the modules are independent of each other, requiring only a few bytes of machine code. Most of the modules are concerned with data moves and with arithmetic and logic routines, being identified as all that were necessary from a review of many applications in a business environment.

Language elements

Every application consists of a string of language elements which may be associated with parameters such as numbers or variable names. With the exception of numeric data and literals each language element and variable is converted to a single character.

Each language element is associated with a number and associated with it is an internal string of numbers which define the needs of the element in terms of run processing. This string is itself quite small. New language elements can be added without in any way disturbing what has previously been developed, enabling the system to grow without fear of making redundant what has been developed previously.

Internal Elements

In assessing a suite of application programs it became evident that only a small number of basic functions were in use, reused in a similar form over and over again. From this it was possible to identify the reusable modules which were needed to build any of the applications studied, to which were added others as development proceeded. Modules can be augmented without affecting what has been developed previously, enabling a controlled development of the concept to take place. In early work these modules used native machine code extensively, until it was realised that a numeric code was simpler and would do just as well.

What makes the approach very worthwhile, making for a very small finished product, is that the internal modules can be structured in a pyramid, each level of the pyramid having a greater sophistication, with the bottom of the pyramid handling the modules of the run system while higher levels of the pyramid are a mixture of lower level and run system modules. This enables what would be huge monstrous applications in the conventional approach to be reduced by several orders of magnitude, leading to the elimination of the operating system, which will no longer be needed.

Multiple Applications

Most applications are compact with the numeric code structure and many applications can be resident simultaneously, from a few score on smart cards with their limited real estate, to several thousand on larger systems. Another useful feature is that the multiple applications do not have to be in the same ethnic language. Even within a single application it is possible to use more than one ethnic language through the use of synonyms.

Development Strategy

The standard now proposed is essentially a numeric table with a small number of associated modules that decode the numbers and carry out what previously has been done by computer instructions. The language modules will grow very slowly as the concepts are accepted by industry, the numeric elements on a more accelerated basis as the functionality is enhanced. It is possible, with the approach outlined, to consider this as a single, unchanging technology, that can accommodate all current and future application needs, from the molecular needs of nanotechnology to the mathematical expansion requirements of the most powerful super computers.

It will take several years for these concepts to become dominant in the industry but dominate it they certainly will. In the first instance they should be adapted to microcontrollers for smart cards and embedded systems, which constitute over 90% of all installed computers, but which are not dominated by monopolistic software vendors, and where only limited interaction is required between processors. The numerical approach should be introduced to the embedded systems arena by specific industries such as the automotive or aerospace.

Having successfully been introduced at the microcontroller level it could then move to the larger systems, at first integrating with their various operating systems, but then replacing them, as they will become redundant. Again it would best be done by industry (servers, graphics, video etc.) but after successful implementation with the microcontroller world most industries will, by that time, be ready to move.

Free from Viruses, Worms, Hackers and Identity Thieves

One of the reasons that worms and viruses continue to exist is that the current software approach is based on computer language requiring a huge infrastructure. The complexity of the operating systems used is such that it is impossible to guarantee that there are no security loopholes. These loopholes are then exploited by nefarious persons to introduce code which is sent around the world, which can cause millions of users systems to be compromised, and which can create a national security risk. Until this vulnerability is erased no user, no company and no country is safe from vicious attacks on its computing lifeblood.

One of the reasons for moving to the numeric approach is the need to get away from this multitude of problems. The numeric approach offers:
  1. A very small run system which is static, with no opportunity to introduce spurious code, especially if check sums are included.
  2. A highly efficient run system which can be encrypted if necessary.
  3. A static set of elements which numerically describe suites of applications in a form where each number within an element points directly to the run system process required.
  4. A static set of numeric elements which can be verified through check sums.
  5. Even in the unlikely event that a spurious number was introduced into a numeric element, without affecting the check sum, applications would abort, due to the critical relationship that exists between each number within the element structure.

Security

The one area where the numeric system does not have full control is in the numeric stream code generated by the translator. Even here, however, the generated application code stream does not have access to the numerical elements nor to the small run system machine code. Neither, when multiple applications are running, can the data from one application corrupt the data from another application, with the exception that some applications will share data.

Error Free

Although the analysis has not yet been done it is believed that the run system is so tiny that it could be proved to be error free. In a similar way so could each of the numeric elements making up the internal modules. Numeric elements and the run system are static so that, once verified, there would be little need, if any, for further verification.

Chip Creation

The entire system can be placed on a chip and the chip can be used in a variety of systems. It is possible to develop a set of internal modules to process MPEG and JPEG files (it has been done) but it makes more sense to create a platform containing a chip to do that controlled by the system described in this paper, on the same chip. The same can be done for games, high speed telecommunication and other power computing needs. Whether or not this is done the system as developed in this paper represents the creation of a Universal Turing Machine.