Printer Friendly
The Free Library
14,716,216 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

The dangers lurking in military software production.


The Dangers Lurking See lurk.

(messaging, jargon) lurking - The activity of one of the "silent majority" in a electronic forum such as Usenet; posting occasionally or not at all but reading the group's postings regularly.  in Military Software Production

Viruses, Trojan Horses It may never be fully completed or, depending on its its nature, it may be that it can never be completed. However, new and revised entries in the list are always welcome.
  • AIDS
  • Beast Trojan
  • Bifrost
  • Generic8.
 and Logic Bombs

Virtually all modern weapons systems incorporate semi-automatic computerized sub-systems or are computer-run in a fully automatic mode in order to achieve the shortest possible reaction time. For example, the nav/attack systems of contemporary aircraft rely for many tasks on computer inputs, and combat aircraft of the latest generation can be flown only with the assistance of computers. The General Dynamics General Dynamics Corporation (NYSE: GD) is a defense conglomerate formed by mergers and divestitures, and as of 2006 it is the sixth largest defense contractor in the world[1]. The company has changed markedly in the post-Cold War era of defense consolidation.  F-16C employs roughly 300 processors, while the original F-16A design of 10 years ago had only 50 processors. Actually, the number of processors is irrelevant because without the appropriate software they remain inert slices of silicon. For efficient operation the 300 processors of the F-16C require more than 230 000 lines of computer code which have to be compiled with meticulous care by a large team of programmers and engineers. Larger combat systems require considerably more lines. The Rockwell B-1B bomber's computers come to life with about 1.5 million lines of code The statements and instructions that a programmer writes when creating a program. One line of this "source code" may generate one machine instruction or several depending on the programming language. A line of code in assembly language is typically turned into one machine instruction.  (incidentally three times the number required by the earlier B-1A). The combined software requirements of a cruiser for operating its weapons, navigation, surveillance and communications systems are approximately of the same order. For the SDI (1) (Serial Digital Interface) A physical interface widely used for transmitting digital video in various formats. For electrical transmission, it uses a high grade of coaxial cable and a single BNC connector with Teflon insulation.  system it is estimated that at least 10 million lines are needed. It becomes obvious that the reliability and efficiency of any computerized weapon system rests on the expertise and meticulously performed work of the software engineers, and last but not least, on the thorough testing of the finished software product before delivery. The user of the weapon system, be he a pilot or a ship's captain, is forced to place his blind confidence in the software's integrity, the integrity of which he cannot fully test and verify. The crucial test will arrive in combat when the fate of the aircraft or ship will hang on the faultlessly fault·less  
adj.
Being without fault. See Synonyms at perfect.


faultless·ly adv.  operating software of its computerized systems.

Bugs

Faults in the software, referred to as bugs, have caused and still cause major damage to computer systems. Apart from incorrect inputs by human operators, bugs in the operating or application software have been at fault for gross miscalculations, scrambling of stored memories, or total collapse of complete networks. Bugs are quite often nothing more than design mistakes or oversights - as trivial as a misplaced mis·place  
tr.v. mis·placed, mis·plac·ing, mis·plac·es
1.
a. To put into a wrong place: misplace punctuation in a sentence.

b.  comma. Every computer user knows that a minor punctuation mistake in a printing command sequence may have drastic consequences. In essence, such mistakes usually do not get corrected until it is too late. On the military level few facts have become known about damage caused by bugs, possibly because their mundane nature was embarrassing or because the consequences were too serious. For instance, an unconfirmed rumour has it that the loss of the "Sheffield" during the Falklands conflict was due to a bug in the radar extraction software, which prevented the detection of the approaching Exocet missile. The crash of the Swedish JAS-39 Gripen prototype was clearly traced to a software fault. It is quite likely that other fly-by-wire operated military aircraft have been lost when a bug in the software caused the computer to issue wrong commands. Two USAF F-117 stealth fighters crashed under almost identical circumstances diving at full power straight into the ground. The cause might have been a bug in the computerized flight stabilisation system which is needed to fly the aerodynamically highly unstable aircraft. Paradoxically, the F-117, as all other fly-by-wire aircraft, features up to four identical redundant computer networks operating on different channels. However, these networks run on the same software - which if bugs are present will generate identical failures.

Although the consequences of bugged software may be grim, at least they are not intentional. This is not so with purposely sabotaged software. This can be done in a number of ways, of which the best known are "Trojan Horses", "Logic Bombs" and "Reproducing Viruses". The virus method is the basis of all other approaches.

Virus programs have since been entered by cleverly written software into numerous computer systems including supposedly secure ones such as US Government and NASA NASA: see National Aeronautics and Space Administration.
NASA
 in full National Aeronautics and Space Administration

Independent U.S.  networks. Industry has been hit repeatedly by virus infections.

Viruses

A virus is essentially a malicious bug placed on purpose in a software system in the guise of seemingly harmless code lines, a method called "Trojan Horse See Trojan.

Trojan Horse

hollow horse concealed soldiers, enabling them to enter and capture Troy. [Gk. Myth.: Iliad]

See : Deceit


(application, security) Trojan horse ". This can then degrade TO DEGRADE, DEGRADING. To, sink or lower a person in the estimation of the public.
     2. As a man's character is of great importance to him, and it is his interest to retain the good opinion of all mankind, when he is a witness, he cannot be compelled to disclose  the software's performance or even destroy it. If the Trojan Horse and a Reproducing Virus are coupled with a date at which they go into action or if they are set to respond to an external cue, then they become "Logic Bombs". A reproducing virus is capable of proliferating rapidly in other computer network programs and systems infesting whatever software it comes in contact with. Such viruses have one property in common with the Trojan Horses, which are usually even better camouflaged. They are very difficult to discover, and scientists agree that in more complex software systems detection is virtually impossible until it is too late to prevent an infection. Artificial intelligence and different software design procedures may eventually offer a solution.

For the military the danger posed by virus infections is always present and difficult to control. A software engineer or programmer working for a hostile nation may be instructed to enter carefully designed virus programs into military software. Hidden among the 230 000 code lines needed by the computers of the F-16, for example, which also handle the navigational system Noun 1. navigational system - a system that provides information useful in determining the position and course of a ship or aircraft
Global Positioning System, GPS - a navigational system involving satellites and computers that can determine the latitude and , the virus may command that to fail as soon as a certain geographical longitude longitude (lŏn`jĭtd'), angular distance on the earth's surface measured along any latitude line such as the equator east or west of the prime meridian.  or latitude is entered. Or the artificial stabilisation system may collapse with the introduction of a reproducing virus, inevitably causing the loss of the aircraft. Faults may also be written in "intermittent-sleeper" format. They would enter into force at specific dates and times, but after a random time-span would return to sleeper Sleeper

Stock in which there is little investor interest but that has significant potential to gain in price once its attractions are recognized. Antithesis of high flyer.  status, thereby making discovery of the fault virtually impossible. A missile guidance system A system which evaluates flight information, correlates it with target data, determines the desired flight path of a missile, and communicates the necessary commands to the missile flight control system. See also missile control system.  may contain a virus commanding it to guide the weapon towards non-existing targets or an artillery fire-control system
Note: the term "fire control" may also refer to means of stopping a fire, such as sprinkler systems.


A fire-control system is a computer, often mechanical, which is designed to assist a weapon system in hitting its target.  to give commands to the guns to aim short of the intended target. The faults will be blamed initially on the hardware, and it will take considerable time before the existence of a virus in the software is suspected. Even if suspicion turns certainty, the most intensive simulation and testing will not discover the virus because the commands needed or issued by a computer system do not follow logical paths in the processors. It has been calculated that in a standard navigation and guidance system up to 10 [sup.18] possible paths must be tried, which at one test per microsecond One millionth of a second. See space/time and ohnosecond.

(unit) microsecond - One millionth (10^-6) of a second.  would take almost 320 000 years to complete!

To guard against the possibility of high-tech sabotage virtually all ministries of defense have issued guidelines and directives on how to make critical software trustworthy. How this is done varies from country to country, but the British approach seems to be the most complete so far. It is due to go into effect in the 1990s. Called DefStan 0055, it will apply to all software written for the British forces. The proposed standard calls for the appointment of software safety assessors collaborating with each project team. It is envisioned that a completely independent organisation will be formed eventually, employing highly skilled specialists. If this should not be feasible, then the safety assessors would have to come from a rival manufacturer (which is liable to create commercial confidentiality problems). The proposed standard also includes the use of specific testing methods and software tools, a large measure of automation, and last but not least extensive training of all those involved. Courses and degrees at universities on software safety are even being considered.

Proliferation proliferation /pro·lif·er·a·tion/ (pro-lif?er-a´shun) the reproduction or multiplication of similar forms, especially of cells.prolif´erativeprolif´erous

pro·lif·er·a·tion
n.  

Before examining possible virus countermeasures That form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. See also electronic warfare.  some particulars of its nature have to be explained. A virus is a program which need not necessarily but can infect other software, or which can carry its message into other programs of a predetermined pre·de·ter·mine  
v. pre·de·ter·mined, pre·de·ter·min·ing, pre·de·ter·mines

v.tr.
1. To determine, decide, or establish in advance:  nature. A virus does not require to be inserted at the design stage of a program; it can be added at any opportune op·por·tune  
adj.
1. Suited or right for a particular purpose: an opportune place to make camp.

2. Occurring at a fitting or advantageous time: an opportune arrival.  occasion, e.g. during software maintenance or updating. In its simplest form the virus consists of two sub-routines and one main program. The latter calls up the sub-routines in the requisite order and acts as coordinator during the infection process. The first sub-routine contains the order to infect either all files or a number of selected executable program See executable code.  files which carry specific designations. A reproducing virus also checks first whether the file has already been infected. It recognises this with the help of a short code which is left as a marker during a previous infection. The use of such a code is essential because a multiple infection would inevitably lead to early discovery of the virus, the reason being that, however compactly written, the virus program would extend the run-time of the program.

The second sub-routine contains the damage command whose activation may be datelined and/or respond to other cues, also called "triggers", which are unwittingly entered by the computer's operator. In automated military systems these may also be generated by sensor inputs, firing commands, geographical locations or any other input which passes through the computer for processing. The damage may range from a message on the monitor saying "Peace on Earth", which is obviously disturbing enough during a combat situation, to faulty information, garbled displays and commands, or in the worst case to the elimination of all stored files. If the virus program has been written into the operating system operating system (OS)

Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs.  software, it will multiply rapidly in the application software and automatically enter all stored files run on the computer, unless the virus' radius of action The maximum distance a ship, aircraft, or vehicle can travel away from its base along a given course with normal combat load and return without refueling, allowing for all safety and operating factors.  has been limited by its designer to infect specific file groups only. The latter is an additional obstacle to discovering the virus. If all storage files and application software are infected, discovery is more likely than on a small number of rarely used files, such as actual firing sequences for missiles and the like. A cueable or datelined virus entered via the operating software might lie dormant Verb 1. lie dormant - be inactive, as if asleep; "His work lay dormant for many years"  in an application software niche until this particular routine is called up and/or the dateline has been reached. Then it will begin its destructive activity. If the processor is working at maximum capacity a reproducing virus would then infect the computer and its software within minutes. The result would be the elimination of all files running in the system and their replacement by meaningless symbols. After it has done its damage and run out of files it can self-destruct, eliminating any trace of its existence. Subsequent investigation will reveal no clue about the origin of the malfunction mal·func·tion
v.
1. To fail to function.

2. To function improperly.

n.
1. Failure to function.

2. Faulty or abnormal functioning. .

An additional danger posed by manipulated software is that the virus will spread to other networks with which the infected net exchanges information, and which presumably pre·sum·a·ble  
adj.
That can be presumed or taken for granted; reasonable as a supposition: presumable causes of the disaster.  uses the same software. In military service, where usually a common software is used, such as ADA Ada, city, United States
Ada (ā`ə), city (1990 pop. 15,820), seat of Pontotoc co., S central Okla.; inc. 1904. It is a large cattle market and the center of a rich oil and ranch area.  in NATO NATO: see North Atlantic Treaty Organization.
NATO
 in full North Atlantic Treaty Organization

International military alliance created to defend western Europe against a possible Soviet invasion. , it may be hidden in the software used by a maintenance computer for testing a combat aircraft's nav/attack systems. The infected software, while aligning its operation with that of the software of the aircraft, will discover that the infection code lines are missing and, according to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3.  the commands written into the virus program, copy them at once!

The problem of detecting virus additions in a software package is, to use a mathematical term, "undecidable Undecidable has more than one meaning:

In mathematical logic:
  • A decision problem is called (recursively) undecidable if no algorithm can decide it, such as for Turing's halting problem; see also under Decidable.
": i.e. there is absolutely no algorithm (or program) possible which is capable of establishing whether any random program has been infected by a virus or not. Though this does not seem plausible it is a grim mathematical reality on which potential saboteurs can rely. The fact that a detecting algorithm cannot be developed does not mean, however, that after the identification of its code a virus cannot be eliminated. Once the code is known, the computer can be ordered to search all files for it and delete it. But discovering the code amounts to finding a needle in the proverbial haystack. The virus can be designed to change its format with each reproduction. A very simple virus can be transformed into an "intelligent" one by adding a random number generator A program routine that produces a random number. Random numbers are created easily in a computer, since there are many random events that take place such as the duration between keystrokes.  requiring only one additional line of code. In this case the most diligent search for a virus will prove fruitless, even if the original code has been found. Any attempt to discover sleeper viruses by searching for their possible function is also hopeless as no one can know what this function might be. A number of other approaches to virus detection have been suggested but they have proved to be either "undecidable" or impractical.

Remedies

There are only two - granted tenuous - methods of detecting or preventing a virus infection. The first is to make absolutely sure of software integrity at each step of its production and to carry out a thorough test before it leaves the design offices. The second method is the use of a non-algorithmic approach. This possibility is offered by artificial intelligence, i. e. expert systems which solve problems by mimicking human logical reasoning The three methods for logical reasoning, deduction, induction and abduction can be explained in the following way: [1]

Given preconditions α, postconditions β and the rule R1: α ∴ β (α therefore β).  without resorting to algorithms and which solve difficult problems by applying facts and rules drawn from a knowledge base stored in the computer system. The artificial intelligence software base must be designed to contain all available knowledge about computer viruses, their propagation and action modes. Once a solid base has been established, additions of new facts and discoveries should become routine.

The first method is without any doubt preferable but may be difficult for the simple lack of capable programmers. The demand for software is said to be growing at the rate of 25% per annum Per annum

Yearly. , but the number of programmers is only increasing about 4% annually. Industry thus has to employ programmers who may not meet the high standards of individual integrity and reliability required. This in turn increases the danger of infiltration of the software design institutions and firms by potential agents and saboteurs.

This well-known problem has led to different approaches in software design. It can safely be said that, in spite of the application of computer-aided software engineering See CASE.  (CASE) techniques, existing management of software production is primitive compared with other aspects of modern computer technology. It is like getting a large number of knitters to work on a different part of a vast pullover without knowing what the others are doing. The resulting distortions may mean unravelling the whole garment to try and trace the fault and still not finding the one purl or plain that went wrong.

It is reckoned that correcting software system mistakes is anywhere between 50 and 100 times more expensive than doing so when most of the errors are made, namely during the design phase. To carry the above analogy further, what is needed is a stitch-by-stitch quality control performed at the work station of each knitting expert.

It is obvious that the most important requirements for achieving a high quality software are excellent communications among the programmers and engineers during its design phase and full documentation of every step in the design process. This has led to the development of PDLs (Page Description Languages A high-level language for commanding a printer to print text and graphics on a page. The two major languages are Adobe's PostScript and HP's PCL, which are device independent and supported by most every printer. ) which assist in creating and documenting complex software designs and provide communication channels between all the participants. The PDL See page description language.

1. PDL - Page Description Language.
2. PDL - Program Design Language.
3. PDL - Push Down List.
4. PDL - Dave Lebling, one of the co-authors of Zork.  method combined with CASE is now widely used and has helped enormously to improve productivity and final quality control. This work with smaller projects but is not adequate for software with a million lines of code or more. In the early '80s a new type of PDL became available: this uses an interactive, on-line approach capable of monitoring via computer channels the activity of all programmers working on even the largest project.

Apart from greatly facilitating editing, it also offers continuous multi-user design analysis, which means that even with hundreds of people working on the software a perfect linkage between all its elements is achievable since the combined product is automatically and consistently tested for omissions, wrong syntax or mistakes - and last but not least, for undesirable tampering tampering The adulteration of a thing. See Drug tampering. .

However, even this almost tamper-proof system has flaws which can be utilized by the clever saboteur. This has led to the design of chips which are resistant to accepting foreign or false information. This means that the standards hitherto applied for software design and writing have to be modified. It is also possible to write the software right into the mechanical design of the chip. This technology is well in hand and is found in every digital device which cannot be programmed, i.e. a read-only memory See ROM.

(storage) Read-Only Memory - (ROM) A type of data storage device which is manufactured with fixed contents. In its most general sense, the term might be used for any storage system whose contents cannot be altered, such as a gramophone record or a printed book;  (ROM). Such chips might have to be designed for the most critical subsystems of weapon systems.

Another option is to use optical disks in ROM format for all critical software. If this disk has been checked out thoroughly and the software has been produced under the above-mentioned conditions, any later addition of a virus during software maintenance or modification is impossible. Optical disks are 100% tamperproof tam·per·proof  
adj.
Designed to prevent tampering or provide evidence of tampering: tamperproof aspirin containers.  but they lack the flexibility of RAM (Random Access Memory)-oriented software. Thus a part of a weapon system's software has to be in RAM format, and even if this is infected, the virus will not be able spread to the ROM sections. The military are not enchanted en·chant  
tr.v. en·chant·ed, en·chant·ing, en·chants
1. To cast a spell over; bewitch.

2. To attract and delight; entrance. See Synonyms at charm.  with this solution because an optical disk and its ROM files are hard to destroy to prevent the information from falling into enemy hands. With magnetically stored software this poses no problem.

Several other approaches are no doubt being tested and may have been introduced to produce tamperproof and bug-free software. Most counter-measures are naturally Top Secret. An absolutely secure software may never be possible as the saboteur will always try to be a step ahead of the security engineer. The whole problem has thus developed into a permanent battle of wits Noun 1. battle of wits - a contest in which intelligence rather than violence is used
contest - a struggle between rivals  for the highest stakes, fought in the abstract environment of mathematics.

PHOTO : The B-1B is heavily "computerized" and thus depends on software for functions like

PHOTO : nav/attack, aerodynamics aerodynamics, study of gases in motion. As the principal application of aerodynamics is the design of aircraft, air is the gas with which the science is most concerned. , engine, etc.

PHOTO : CIMSA-SINTRA produces this powerful and fast 15M-125X naval weapon system computer and

PHOTO : part of its software.

PHOTO : Modern missiles like the Trident use densely packed computers for which totally bug-free

PHOTO : software is a prerequisite.

PHOTO : The General Dynamics F-16, seen here in a high angle of attack manoeuvre, requires 230 000

PHOTO : lines of code to run the 300 processors of its electronic systems.

PHOTO : Siemens offers computer-based graphic control tools operating interactively with

PHOTO : light-pens or mice. They vastly improve productivity in the design of software

PHOTO : Computing Devices produces this Milipac artillery fire-control computer. Where there is

PHOTO : little or no second-chance option a zero-fault software is a sine qua non [Latin, Without which not.] A description of a requisite or condition that is indispensable.

In the law of torts, a causal connection exists between a particular act and an injury when the injury would not have arisen but .

PHOTO : This central avionics computer built by Texas Instruments See TI.

(company) Texas Instruments - (TI) A US electronics company.

A TI engineer, Jack Kilby invented the integrated circuit in 1958. Three TI employees left the company in 1982 to start Compaq.  features high-density packaging

PHOTO : and ease of maintenance thanks to the use of line-replaceable units.

PHOTO : Hughes, under a Krupp-Atlas Elektronik contract, has built for the German Forces a number

PHOTO : of Remus mobile test stations for checking software of fielded systems.
COPYRIGHT 1989 Armada International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:includes related article
Author:Geisenheyner, Stefan
Publication:Armada International
Date:Oct 1, 1989
Words:3153
Previous Article:Conventional short take-off and landing aircraft; could they be really on their way out?
Next Article:Battle-tanks: makes a 3rd generation? (making improvements)
Topics:



Related Articles
Facing Reality: The Future of the U.S. Nuclear Weapons Complex.
The United States, Japan and Asia: Challenges for U.S. Policy.
Downstream trout swim but can't hide.(prey of trout warned by chemical signals)(Brief Article)
Protecting Children on the Electronic Frontier A Law Enforcement Challenge.
From Maria Stukel. (Letters to the Editor).
Letters.
MUCH POWER IN EAST WEST'S `PASSION'.(U)(Review)
Flashlight Fighting.(Flashlight Fighting: How to Make Your Pocket Flashlight a Take-Anywhere Self-Defense Weapon)(Brief article)(Book review)
Flashlight Fighting.(Flashlight Fighting: How to Make Your Pocket Flashlight a Take-anywhere Self-Defense Weapon)(Brief article)(Book review)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles