HP aims to fox hackers with 'non-stick' Dynamic Defence tech

HP Labs is using randomisation to divorce applications from their infrastructure, in an attempt to prevent hackers from mapping out an approach and so make it harder to mount targeted attacks

HP is experimenting with randomising technologies that it hopes will add another layer of protection against hackers trying to pry open a business's IT infrastructure.

The 'Dynamic Defence' technology is being worked on by HP Labs in Bristol. The technique, which involves redesigning the way applications talk to one another and store information, is designed to make corporate IT much harder to hack, according to Richard Brown, a senior research manager in HP's Cloud and Security Lab.

HP's technology relies on making it much harder for intruders to become familiar with a business's IT applications and infrastructure, by constantly shuffling the ports, bits of memory and network that applications use, he told ZDNet UK on Tuesday.

"If a thief was going to do a hit on a particular road, he would do his homework, he would do his reconnaissance, he would work out when people come and go, whether dogs were there, and at an appropriate time would launch an attack," Brown said.

"If there was no real pattern to any behaviour on that road, it would make it a lot harder for that attacker to be absolutely confident that he could get in, take what he wanted to take and get out. That's what we're trying to do with the infrastructure, we're trying to take out that predictability and some of that capability that allows attackers to do long-term reconnaissance."

Experimental technology

The experimental Dynamic Defence technology uses a variety of techniques to change how corporate IT behaves, Brown said. For instance, HP shuffles IP addresses and even bits of the code itself — via Address Space Layout Randomisation — to make it harder for attackers to get a grip on a particular application.

"We're looking particularly at randomising code — changing the memory layout and footprint of applications and services," he said. "A lot of attacks rely on certain memory layouts in order to plant things on the memory stack."

"Think of our infrastructure as a non-stick infrastructure," he suggested.

Brown acknowledged that the technology could introduce other challenges, as it increases the overall complexity of the IT infrastructure. However, "if you're always making [technical] information invalid, it does inherently make the infrastructure more secure", he noted.

At the moment, Brown is working on a concept HP is calling 'forensic virtual machines'. These are lightweight virtual machines, roughly equivalent in technology to Bromium's MicroVMs, and in the future they will be seeded throughout applications to provide secure oversight of the health and integrity of systems. Ultimately, HP hopes forensic VMs will be used to provide an early-warning system to help administrators detect unusual behaviour on their infrastructure and find exploits more quickly.