AUTONOMIC PERSONAL COMPUTING

Autonomic computing shares many complimentary objectives and goals with personal computing. While the ubiquitous personal computer has made enormous strides in the development of its technology since it was introduced in the early 1980s, it has grown in complexity to the same extent. Some of that complexity is managed through graphical interface software such as Windows; however, there still remains much to do to make the personal computer more accessible and simplified.

Personal computing has gone through several phases of evolution. From the era of faster processors, bigger storage, and newer operating systems to the times when the PC was treated as a commodity for increasing operational efficiency, there have been many changes.

The goals of autonomic computing and personal computing are similar. The goals they share include:

• Ease of installation and configuration.

• Ease of operation.

• Management of complexity in all its forms.

• Better protection from external threats.

• Solving problems.

• Reduction of cost of ownership.

When autonomic computing is widespread in the personal computing world, many millions of users will benefit worldwide. Of particular note is that autonomic personal computing will bring substantial benefits to less developed countries that do not have an abundance of infrastructure, technical support, and help.

For autonomic computing to make significant improvements in the management of personal computing, it must be addressed in the context of the complete infrastructure environment in which it operates. This means adding autonomic functionality to such areas as the Internet, servers, and networks that the personal computer is connected to. Figure 16.3 depicts this approach. Simply adding autonomic computing to the stand-alone desktop will not provide the needed self-management and support. All the current features of autonomic computing—self-configuring, self healing, self-optimizing and self-protection—will be used in the personal computing world.

Industry analysts believe that 80 percent of the cost of a personal computer is in managing and supporting its own systems after its initial purchase, whereas the purchase price amounts to less than 20 percent of the total cost of owning (TCO) and supporting a PC.

Autonomic computing means a computing infrastructure that adapts to meet the demands of the applications that are running in it. In other words, the software is developed and deployed with applications, and the infrastructure takes care of itself—adjusting automatically as applications and workloads change. The ultimate effect is not only less work for the hardware vendor but also much more effective utilization of the personal computer user's time, hence less frustration and more productivity.

Existing Features

Today's PC-related networks and the Internet already have a number of system management and semiautonomic features that have been successful. Some examples are:

• Plug and play— Certain hardware and software can be installed and configured without the intervention of the user in a transparent fashion. This procedure is designed to enable simple and robust connectivity among stand-alone devices and personal computers from many different vendors. This is a good example of the success of open standards acceptance by the IT industry.

• Optimization— Software such as Norton Utilities can sense the level of disk fragmentation and alert users that performance may suffer if the condition is allowed to continue. Once the user accepts the recommendation, the software will automatically reorganize the placement of data and software applications to improve the access to files and related data.

• Software Updates— Certain operating systems, for example Windows XP, have the capability to sense, receive, and install software updates automatically. Complexity is an inherent issue in personal computers. Windows XP has over 30 million lines of code that must be regularly maintained and updated with fixes, patches, and security enhancements.

• Backup and restore— Operating systems such as Windows XP will save an image of the applications on installation. This is available to users who may need it. IBM has a solution called RapidRestore which saves hidden partition and system information.

• Automatic clock changes— To adjust the time changes for daylight savings twice a year, Windows will automatically request that the personal computer clock be updated.

It should be noted that all these features, while useful and necessary, are semiautonomic because they require user action for complete implementation.

Personal Computing and Self-Protections

The issues with autonomic personal computing security and privacy are similar to the mainstream technology issues that have been identified for some time, namely:

• Authentication

• Authorization and access control

• Intrusion detection

• Definition of autonomic security policies

• Fraud detection and prevention

• User privacy

• Digital signatures (for e-commerce)

Computer viruses pose a serious threat to the security and integrity of the Internet, its applications and data, and its main access device—the PC. The growth in distributed computing along with new technologies, such as document-resident macros, powerful groupware environments, and the Internet itself, have increased the corporate network's vulnerabilities. Computer viruses can cause significant damage in terms of lost work and productivity to the individual directly affected by the virus, the individual's colleagues, and the corporate community as a whole. While the potential for virus attack on stand-alone computers is considerable, there is a significantly more dangerous potential for virus attack with networked computers, due to the speed and ease with which viruses can spread across networks. As a consequence, it is imperative that a virus strategy be adopted and adhered to rigorously. This will reduce the likelihood of a virus outbreak and minimize the risks associated with any virus outbreak.

In 1989, Robert Morris, then a student, wrote and released 49 lines of code that became known as the "Morris Worm." The Morris Worm paralyzed more that half of the Internet, yet mercifully so few of us were connected at that time that the impact on our society and commerce was minimal. Since then, the Internet has grown from primarily a tool of academia and the defense/intelligence communities to a global electronic network that touches nearly every aspect of everyday life at the workplace and in our homes.

The costs of viruses are phenomenal. Take the Code Red virus as an example. This worm virus, released in late 2001, infected thousands of sites and networks. According to the FBI's National Infrastructure Protection Center (NIPC) cleanup costs exceeded $1.2 billion.^[1] The FBI worked with experts in the United Kingdom, Australia, and Canada to try to contain the worm's spread. The Code Red program is a worm because it can spread across networks and infect new machines without computer users having to do anything at all. This was only one virus—multiply by the thousands of viruses released each year and the costs are unimaginable.

Viruses can go beyond the personal computer—desktop or laptop. Personal digital assistants are very popular, but the PDA in your pocket could be a pipeline for viruses. A PDA-borne virus could have a double payload—damaging data on the device itself and then using the PDA as a transmission device to spread the damage to notebook and desktop computers, and eventually the network.

The meteoric rise of the Internet in global commerce and its widespread use in communication makes solving information security problems over wide area networks of paramount importance. The building blocks of the Internet are components that are intrinsically not secure, and given their complexity, it is not possible to build secure components. Furthermore, for most applications, the definition of security is ambiguous, and will remain so until security policies are created for the myriad uses of large systems.

Hence, it will be necessary to retrofit flexible security measures into existing systems. One solution is intrusion detection, which involves the detection of activity that threatens a system. The focus of the intrusion detection community has been on detection, but the broader problem of response in the face of a detected incident is also being considered.

So, the self-protecting functions of autonomic computing must work in the environment described above. Here are a few examples:

1. One autonomic approach is with policy-driven detection and prevention. Start with a defined policy on how the threats and solutions will be implemented and managed. The policies can be described to the autonomic element. These policies must be clear, concise, workable policies to be implemented on autonomic systems, that will raise inside or outside threat awareness and accountability for organizations, while acknowledging and understanding privacy issues for system monitoring.

2. As new attacks are observed, the signature database must be updated automatically by the autonomic element. This requires abstracting the features of an attack that (1) can be observed from audit logs or network sniffing and (2) relates directly to the ability of the attack to achieve its goal.

3. Can an autonomic system detect previously unseen attacks? Clearly, those systems that match data streams against patterns in a simple-minded way will fail to detect any attack that is not recognized in the system pattern database. Since it is very easy to construct an unbounded number of variants in almost every attack, this may be a serious obstacle to overcome.

4. Autonomic detection must be made safe from attack and able to protect itself. The issue here is whether the autonomic intrusion detection system can be attacked. It will be a target for hackers and egotists wishing to defeat IBM's technology. All previous and existing software for intrusion detection systems seems to be vulnerable to denial of service attacks (e.g., through flooding). The problem is exacerbated as network capacity increases. In general, the problem of protecting an autonomic intrusion detection system seems to require the cooperation of intrusion detection components, perhaps based on the techniques of fault-tolerance and carrying into the realm of autonomic. The problem is somewhat simplified by making it difficult for an attacker to break into an intrusion detection system, much as it is difficult to break into a router that is not intended for general-purpose use. However, providing a remote management capability gives a handle to attack an intrusion detection component.

5. Infrastructure support is another critical development issue that the autonomic community needs to confront. No one product or capability may be able to solve every intrusion detection problem if anomaly detection and internal misuse are included. This means that the community needs to begin to think about architecture for potential damage detection, prevention, and recovery. The architecture may need to use several security tools together across broad groups of networks within an enterprise. Will that architecture be hierarchical, distributed, or something else? Autonomic collaboration may the key. Someone needs to think about autonomic systems engineering of computer security systems, including some areas that are usually avoided, such as cost, maintenance, and usability. This also means that someone needs to think about what an "ideal" autonomic computer security management scheme would look like and how it would engage with legal and other enterprise-wide system management.

These are just a few of the challenges and opportunities that autonomic self-protecting technology and software must address in the personal computer market.