
The human nature of security

Security researchers are looking at the essence of human nature and the body to develop some of their latest offerings.
By Karel Rode, security consultant at Performanta Consulting.
Johannesburg, 17 Mar 2006

In this day and age of enormous technology innovation it comes as no surprise that experts and researchers are increasingly looking at the very essence of human nature, the body and other behavioural traits to develop some of their latest offerings.

And why not, as throughout millions of years our bodies have been able to protect us against diseases through our own highly developed and complex security (immune) systems.

The flip side is that although our bodies are optimised for security, our daily behaviour doesn't necessarily mirror it. This may seem like a contradictory statement, but the reality is that although we're all made of the same stuff, it is our behaviour that brings out the best and worst in us.

So how does research really benefit from us? Well, on a physical level, research teams are doing some breakthrough work on building an "artificial immune system" for intrusion detection systems based on the knowledge derived from the human immune system.

Body positive

The project is based on the controversial concept in immunology called "danger theory". This suggests that the human immune system is alerted by a complex system of signals and weighs the danger depending on their origin, seriousness and frequency, rather than the relatively simple equation of distinguishing between self (the body) or non-self (a foreign object) as previously thought.

People, who are part of any system, are always going to be the weak point in a security system.

Karel Rode, business technologist at Computer Associates Africa

Applying that to security systems, most primitive intrusion detection systems can only determine threats by recognising incoming malicious code, which makes them less effective than systems that gather information from a variety of sources.

In the human body, dendritic cells (DCs) are the garbage collectors that roam the body. When they are triggered, they turn into fighter cells and attack the infection. For example, DCs are seemingly able to assess threats because they can tell the difference between tissue undergoing natural cell death, inflammation or an attack.

This distinction is critical, which is why researchers are trying to reproduce this ability in an artificial immune system.
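
To make the contrast concrete, here is a toy sketch added for this page (not the researchers' system) that compares signature-only matching with danger-style scoring, where signals are weighed per origin (process), by seriousness and by frequency. The process names, signal weights, window size and threshold are all constructed assumptions.

```python
"""Constructed sketch: signature matching vs. danger-theory style scoring."""
from collections import defaultdict

# Assumed weights per signal class. "natural" models natural cell death
# (expected activity) and therefore pulls the score down.
WEIGHTS = {"attack": 2.0, "inflammation": 1.0, "natural": -1.5}
SIGNATURES = {"known_bad_hash"}   # constructed signature set
MATURE_THRESHOLD = 0.5            # assumed fraction of alarmed cells

# Constructed events: (process, signature, signal class, seriousness 0..1)
EVENTS = [
    ("backup.exe", None, "inflammation", 0.6),   # heavy disk I/O, but...
    ("backup.exe", None, "natural", 0.9),        # ...scheduled and expected
    ("backup.exe", None, "natural", 0.8),
    ("updater.exe", None, "inflammation", 0.7),  # unsigned child process
    ("updater.exe", None, "inflammation", 0.8),  # outbound burst to new host
    ("updater.exe", None, "attack", 0.5),        # repeated failed logins
    ("updater.exe", None, "natural", 0.2),
    ("dropper.exe", "known_bad_hash", "attack", 0.9),
]

def signature_detect(events):
    """Self/non-self style: flag only processes matching a known signature."""
    return {proc for proc, sig, _, _ in events if sig in SIGNATURES}

def danger_detect(events, window=2):
    """Each run of `window` events from one process acts as a sampling cell.
    A cell is alarmed when its weighted signal sum is positive; a process is
    flagged when the alarmed fraction of its cells exceeds the threshold."""
    per_proc = defaultdict(list)
    for proc, _, kind, seriousness in events:
        per_proc[proc].append(WEIGHTS[kind] * seriousness)
    flagged = set()
    for proc, scores in per_proc.items():
        cells = [scores[i:i + window] for i in range(0, len(scores), window)]
        alarmed = sum(1 for cell in cells if sum(cell) > 0)
        if alarmed / len(cells) > MATURE_THRESHOLD:
            flagged.add(proc)
    return flagged

if __name__ == "__main__":
    print("signature only:", sorted(signature_detect(EVENTS)))
    print("danger scoring:", sorted(danger_detect(EVENTS)))
```

On this constructed data the signature check sees only the known sample, while the scoring approach also flags the process with repeated suspicious signals and leaves the noisy but expected backup job alone.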

Behaviour negative

Despite the above work, daily security still needs to deal with that human element: behaviour. People, who are part of any system, are always going to be the weak point in a security system.

The human factor is the underlying reason why many attacks on computers and systems are successful. It also comes into play when security and procedures are created and implemented - many potentially exploitable loopholes appear at the drafting stage.

Another good example is how users treat confidential information. Who would leave their keys in the outside lock, or hang them on a hook where anyone could take them? However, many systems use an empty password, or the user's name as a password, making it extremely easy to access the system.

Also, let's look at a scenario where the administrator requires users to have passwords that are difficult to guess, and therefore better from a security point of view. A good theory, but often we see secure passwords written on a piece of paper, left lying on the user's desk, or stuck to the monitor. It's not surprising that malicious users take advantage of this situation.

Although the human body is a fine research specimen, the very essence of our behaviour mitigates it. And where does this leave us? Well, as researchers and developers, we have to do the best we can without forgetting for a second that everyone is human after all.
