Immune system whitelisting

September 07, 2006

...

I read an interesting article called "The non-denial of the non-self" on the web today, about how to secure databases. However, I also found it interesting to read about how the human immune system relates to attackers:

“The immune system is interesting, because it protects its owner from pathogens without needing to know what a pathogen will look like. Instead, it relies on a negative database to tell it what to destroy. It learns early on which biological molecules are ‘self’, in the sense that they are routine parts of the body it is protecting. Whenever it meets one that is ‘not self’ and thus likely to be part of a pathogen, it destroys it.”

In security terms, this is actually called whitelisting. It is typically used for input validation. Instead of trying to list all illegal inputs (which is called blacklisting), you list all legal inputs. The problem with the former is that you have to make sure you think of all illegal instances, which is often very difficult; with the latter, you only have to focus on the legal cases. Seemingly, this is how nature works…
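The contrast above, as an added example that is not part of the original post: the same constructed inputs are run through a blacklist check and a whitelist check for a username field. The username policy, the blacklist entries and all function names are assumptions made for illustration.

```python
import re

# Blacklist: enumerate inputs believed to be illegal.
# Constructed for illustration; any such list is incomplete by nature.
DENIED_SUBSTRINGS = ("<", ">", "'", '"', ";", "--", "../")

# Whitelist: describe the only legal shape of the value.
# Assumed policy: 3-16 chars, starts with a lowercase ASCII letter,
# then lowercase ASCII letters, digits or underscore.
ALLOWED_USERNAME = re.compile(r"[a-z][a-z0-9_]{2,15}")


def blacklist_accepts(value):
    """Accept unless a known-bad substring is present."""
    return not any(bad in value for bad in DENIED_SUBSTRINGS)


def whitelist_accepts(value):
    """Accept only if the whole value matches the legal pattern.

    fullmatch() anchors both ends, so a trailing newline is not ignored
    the way it would be with match() and a '$' anchor.
    """
    return ALLOWED_USERNAME.fullmatch(value) is not None


# Constructed samples: (value, is it legal under the assumed policy?)
SAMPLES = [
    ("carol_99", True),
    ("alice42", True),
    ("bob;x", False),       # contains a blacklisted character
    ("bob\nadmin", False),  # newline: nobody thought to list it
    ("bob\x00", False),     # NUL byte: nobody thought to list it
    ("ｂｏｂ", False),       # fullwidth letters, not ASCII
    ("a" * 500, False),     # length was never considered
    ("", False),            # empty string
]


def wrongly_accepted(check):
    """Illegal samples that the given check lets through."""
    return [v for v, legal in SAMPLES if not legal and check(v)]


def wrongly_rejected(check):
    """Legal samples that the given check turns away."""
    return [v for v, legal in SAMPLES if legal and not check(v)]


if __name__ == "__main__":
    print("blacklist lets through:", [v[:12] for v in wrongly_accepted(blacklist_accepts)])
    print("whitelist lets through:", wrongly_accepted(whitelist_accepts))
```

Both checks accept every legal sample; the difference is only in what each one fails to stop.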


Written by Vidar Kongsli who is a software professional living in Oslo, Norway. Works as a consultant, system architect and developer at Bredvid. You should follow him on Twitter