In my previous article, I gave a Basic Introduction to Computer Virus and explained the definition and concept of recursive replication put up by Fred Cohen, which is also known as the Cohen Model.
Definition of a Computer Virus by Adleman
The theme of computer viruses has never been central to Leonard Adleman (co-author of public key encryption technology and winner of the Turing Award 2002), which pays much more attention to other problems of information technology, mathematics, and molecular biology. But as a result of working together with Cohen, he found it necessary to write and publish the work “An Abstract Theory of Computer Viruses” later, in 1990. The Adleman model is very different from Cohen’s model. But for this model, an evidentiary conclusion is made about the impossibility of solving the problem of recognizing an arbitrary virus.
Adleman, as a professional mathematician, gave a definition of the virus in categories and terms of recursive functions. For the definition, a new concept was involved – the initial and yet uninfected program.
The virus was defined as a recursive function that corresponds to some of the described criteria and performs mapping (“map”) of one program to another, considered to be infected.
As the actions of the infected program, Adleman called “damage” (information that this program has access to), “infection” (other information objects) and “imitation” (normal behavior of the original, uninfected program). As in Cohen’s works, the virus is considered in connection with the environment (one function – in interaction with the other). Recursive replication remained the defining criterion of a virus, and the other determining criterion was the harmfulness (which, by the way, it is rather difficult to understand and use as a practical algorithm in the Adleman model).
The definition of Adleman is extremely broad and abstract. We cited a reference to the original work so that readers could independently draw conclusions about how this definition is proportionate, complete, accurate and applicable to real computer viruses in the real world 20 years after publication.
In 2005, Chinese researchers Zhihong Zuo, Mingtian Zhou, and Qing-Xin Zhu published the work “On the Time Complexity of Computer Viruses“, which extends the Adleman model to complex types of viruses, in particular on polymorphic viruses. This required a significant complication of the model but did not change its essence. The work confirms the previous conclusion about the impossibility of recognizing an arbitrary virus, more precisely – on the possibility of the existence of viruses that can not be recognized in the frame of the model.
In the work of Adleman, two things seem to be especially important to us. First, as a strategic – and, in fact, the only – means of protection from viruses, he quite rightly called complete and unconditional isolation of the computer, i.e. closed environment (as for alternative methods of protection, the work only raised the question of how real they are). Secondly, the scientist has shown the need to involve the concept of the original, uninfected program as a mandatory condition for the definition of the virus.
Recall that the isolation of computer systems with respect to viruses always means the mutual isolation of systems controlled by different hosts. Of course, there is no need for mutual isolation of the individual elements of any closed system that is under the complete control of one master. The owner programs his own system as he sees fit (this is the difference between the owner and the nominal owner). Therefore, it is hardly possible to use the notion of “harmfulness” outside the social context, exclusively in technological categories: no processes of changing programs and data are “harmful” in themselves.
To be Continued…
Alex Bod is a cybersecurity expert and the CEO of Bod Security, Bod Intelligent Antivirus provider company.