I'm not sure if we're okay: uncertainty for attackers and defenders

Abstract

Asymmetry and uncertainty have been written about at length in the context of computer security. Indeed, many cutting edge defensive techniques provide system protection by relying on attacker uncertainty about certain aspects of the system. However, with these defensive countermeasures, typically the defender has the ability to derive full knowledge of the system (as is the case in, for example, Instruction Set Randomization), but the attacker has limited knowledge. In this paper, we concern ourselves with the case in which neither the attacker nor the defender have perfect knowledge of the system, but where the level of uncertainty tolerable to both parties is different. In particular, we explore scenarios where the attacker's need for certainty is lower than that of the defender, and ask if non-determinism can be used as a weapon. We provide an example in the malware arena, demonstrating the use of quorum sensing as a potential application of this technique. We argue that this idea of mutual uncertainty is a new paradigm which opens the way to novel solutions in the space.