Foresight Update 11

A publication of the Foresight Institute


Japan Pursues Nanotechnology

US Begins Assessment
by Chris Peterson

Research agencies in Japan are taking steps to develop nanotechnology, which "seems destined to become Japan's next priority target for industrial research," according to the international scientific journal Nature (February 7). Japan's Science and Technology Agency--a competitor to the Ministry of International Trade and Industry (MITI)--is moving fastest.

Already STA has funded several relevant projects through its innovative Exploratory Research for Advanced Technology (ERATO) program, as described in earlier issues of Update. Now the focus is sharpening: Nature reports that in February STA sponsored "an unusual little gathering of biologists, physicists, and chemists in Kyoto to discuss atomic-level design of functional structures." While a similar meeting was held in the U.S. over a year earlier--the First Foresight Conference on Nanotechnology at Stanford University in October 1989--its orientation was primarily academic, and it had no government backing.

MITI seems to be concentrating on making smaller electronics, such as quantum dot and quantum wire devices, as part of a $40 million project within its "basic technologies for future industries" (Jiseidai) program. MITI may still be focusing on the top-down approach to miniaturization, using improved semiconductor techniques, rather than the bottom-up approach STA seems to be favoring, which aims for positional control of chemical reactions. If so, a most interesting race could develop, in which Foresight's bet is on the bottom-up approach as the only way to gain flexible control at the molecular level.

Meanwhile the U.S. government has begun its first tentative steps toward an examination of the potential of nanotechnology and molecular manufacturing. The Congressional Office of Technology Assessment (OTA) now has a staff member conducting a study of the future of miniaturization. While primarily focused on microelectronics and micromachines, the project has been expanded to include some consideration of molecular approaches. As part of the study, a workshop was held at OTA on February 19; of fifteen invited participants, two represented the molecular perspective: Eric Drexler of the Foresight Institute and Richard Potember of Johns Hopkins University.

The OTA study is a first step in the long process of consensus building that may be needed before a significant amount of U.S. federal research funds is earmarked for work toward nanotechnology. Enabling science and technology work is being done already in academic, industry, and government labs, but without the clear, long-range goals seen in Japan.


Are Viruses Inevitable?

by Norman Hardy

Computers are increasingly important in our daily lives: more and more products and activities throughout society depend on computers working as programmed. A major question arises: how reliable is the software running on these computers, and how much can its reliability be improved? Is it possible to protect computer operations from outside tampering, or is it all intrinsically vulnerable to attack by software 'viruses,' which copy themselves from machine to machine?

A paper by William Dowling (note 1) published last fall touched off a flurry of media coverage on this question, in which the answer seemed to be "Sorry--damage by computer viruses can't be prevented, even in theory." Under the headline "Eternal Plague: Computer Viruses," the paper was summarized by the prestigious journal Science: "Short of total isolation, there is no way to protect a computer against all possible viral attacks." (note 2) The popular press gave even stronger interpretations.

In fact, what Dowling showed was more limited and does not rule out the possibility of secure systems. As Science pointed out later in the same article: "What is futile, Dowling's work shows, is to look for a single 'magic bullet' that will eradicate all conceivable computer viruses." This does not warrant pessimism, because there are other approaches to dealing with the problem.

Stupid, Brute-Force Methods

Dowling shows that no single program can correctly identify all viruses unless the operating system is unalterable. (note 2) Operating systems can, of course, be made unalterable. A simple but effective approach would be to store the operating system in read-only memory, which no software can alter. Indeed, one could store not just the operating system but all programs in read-only memory. Such a computer could process incoming data without becoming infected. It could be reprogrammed only by physically swapping memory chips, but it would be secure from viruses entering over data transmission lines.

Filtering Out Risk

Programs are available today to search for viruses, but these programs can only recognize members of some specific set of known viruses. While Dowling showed that it is not possible to determine whether all programs are definitely safe or definitely unsafe, this is not required in the task of accepting only safe programs. One need only be able to sort into two categories: (1) definitely safe, and (2) possibly unsafe. A program which could reject all viruses, while accepting some (or even most) safe programs, has not been ruled out.

About twenty years ago J. Peter Deutsch sent me a program that would examine another program and accept it or reject it. An accepted program was sure to terminate in a known time and not store outside a pre-specified area of memory. Not all programs that met these restrictions would be accepted. Indeed, accepted programs had to conform to rigid rules, but these rules allowed certain useful programs.

This early work shows the basic point: by being overly strict--rejecting some safe programs as well as the risky ones--we could in principle filter out all risky programs. That this is true is easily seen by taking an extreme example: suppose the filter screened out all risky programs by accepting only those exactly matching a short list of known safe programs. This would be very crude, but effective. Dowling's work shows that even the optimal screening algorithm would still screen out some safe programs, but this may be a small price to pay for a secure system.
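The one-sided filter described above, sketched as an added example (not from the original article, and not Deutsch's program, whose rules the article does not give). The toy instruction set, the `verify` and `run` names and the sample programs are all constructed for illustration; `verify` accepts only what it can prove safe, and `run` shows that one rejected program is in fact harmless.

```python
# Added illustration on a constructed toy instruction set; these are not
# Deutsch's rules, which the article does not give.
ARITY = {"set": 3, "add": 3, "store": 3, "store_at": 3,
         "jz": 3, "jmp": 2, "halt": 1}

def verify(program, lo, hi):
    """Accept only programs that provably halt within len(program) steps
    and store only to constant addresses in [lo, hi). Returns (ok, why)."""
    n = len(program)
    for pc, ins in enumerate(program):
        op = ins[0] if ins else None
        if ARITY.get(op) != len(ins):
            return False, f"{pc}: unknown or malformed instruction"
        if op == "store_at":   # address comes from a register at run time
            return False, f"{pc}: store address not known in advance"
        if op == "store" and not (isinstance(ins[1], int) and lo <= ins[1] < hi):
            return False, f"{pc}: store outside [{lo}, {hi})"
        if op in ("jz", "jmp"):
            target = ins[-1]
            # Forward-only jumps mean pc always increases: at most n steps.
            if not (isinstance(target, int) and pc < target <= n):
                return False, f"{pc}: jump is not strictly forward"
    return True, f"halts within {n} steps"

def run(program, max_steps=10_000):
    """Reference interpreter, used only to see what a program really does.
    Returns (steps executed, set of addresses stored to)."""
    regs, written, pc, steps = {}, set(), 0, 0
    while 0 <= pc < len(program) and steps < max_steps:
        ins = program[pc]
        op, pc, steps = ins[0], pc + 1, steps + 1
        if op == "halt":
            break
        if op in ("set", "add"):
            regs[ins[1]] = ins[2] + (regs.get(ins[1], 0) if op == "add" else 0)
        elif op == "store":
            written.add(ins[1])
        elif op == "store_at":
            written.add(regs.get(ins[1], 0))
        elif op == "jmp" or (op == "jz" and regs.get(ins[1], 0) == 0):
            pc = ins[-1]
    return steps, written

# Constructed sample programs.
STRAIGHT = [("set", "r0", 7), ("store", 100, "r0"), ("jz", "r1", 4),
            ("store", 101, "r0"), ("halt",)]
COUNTDOWN = [("set", "r0", 3), ("store", 100, "r0"), ("add", "r0", -1),
             ("jz", "r0", 5), ("jmp", 1), ("halt",)]      # safe, but loops
ESCAPE = [("set", "r0", 4096), ("store_at", "r0", "r0"), ("halt",)]

if __name__ == "__main__":
    for name, prog in [("STRAIGHT", STRAIGHT), ("COUNTDOWN", COUNTDOWN),
                       ("ESCAPE", ESCAPE)]:
        print(name, verify(prog, 100, 104), run(prog))
```

`COUNTDOWN` terminates and stays inside its area when run, yet the filter rejects it because of its backward jump: that is the price of strictness the article refers to.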

Today's Methods

Dowling goes on to argue that most real operating systems are necessarily vulnerable to some virus because they reside in writable memory. Indeed, most popular personal computers suffer this weakness today. More fully developed operating systems, however, use hardware memory protection features that have been widely available since 1965 (note 3).

Such hardware distinguishes two modes: privileged and user. The hardware limits which memory can be modified while in user mode. A program may change these limits only when in privileged mode (note 4). When the machine is initially turned on, it is in privileged mode, and the first program the machine begins to obey is in a position, with these modes, to protect itself and its data while it allows other, untrusted programs to run in user mode. The machine reverts to privileged mode and resumes obeying the original program upon any of several events called interrupts. Attempts to violate the memory limits cause an interrupt. Exceeding a time limit established in privileged mode likewise causes an interrupt.

Operating systems (or kernels thereof) are designed to run in this manner, as privileged code. An untrusted program can run efficiently under the restraint of the operating system with the nearly undivided attention of the CPU (central processing unit), subject only to the caveat that it is in user mode and the consequent limitations.

With memory limits, the operating system reserves to itself the memory for its code and some more memory in which to remember its agenda. By enforcing time limits, the operating system reserves some time for itself to execute its policies.

Not all operating systems have used these safety features, and not all systems that did use them have maintained sufficient care to retain control against clever attack. Even if the privileged code remains in control, there are other points of attack by the virus. Nearly all operating systems run programs at the request of a user with all of the authority of the user: the program automatically has as much authority as the person running it. There may be ways for a user to run a program while limiting its reach, but this is seldom convenient or known to casual users. A virus in such a program is therefore in a position to modify the program in any file that the user could modify, and so to propagate itself. Some users seldom run programs where they can modify such files. But in Unix there are several other kinds of files, such as shell scripts, that are enough like programs to serve as hosts for active viruses.

In most systems a program learns what input it is to process by first learning the name of the file and then asking the operating system to copy data from the file to its memory. The authority it uses to read the file is the same authority the virus uses to infect other files.

A Better Approach

A newer type of operating system is the capability system. It uses the principle behind the old saying "Good fences make good neighbors": if you don't want an untrusted program messing up other programs, make sure it doesn't have access to them. Rather than giving a program the same level of authority as its user, this system gives it only enough to get its job done. This detailed, exact allocation can be described as fine grain authority: it separates functions with more impenetrable walls (i.e., fences) than do earlier methods.

When a program is initially set up, the user indicates which tools and inputs it is permitted to access; it then has the required capabilities with respect to these items. It has no ability to modify other material, and so any associated virus is unable to spread.
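An added model of the difference (not KeyKOS code and not from the original article): the same untrusted routine is launched once with keys to everything its user can touch and once with only the two keys its job needs. The `Key` class, the routine and the file names are constructed; Python does not enforce the boundary, so the underscore attributes stand in for what a capability kernel enforces.

```python
# Added model, not KeyKOS code. File names and contents are constructed.

class Key:
    """A capability: designates one object and the operations allowed on it."""
    def __init__(self, files, name, rights):
        self._files, self._name, self._rights = files, name, frozenset(rights)

    def read(self):
        if "r" not in self._rights:
            raise PermissionError("key does not convey read")
        return self._files[self._name]

    def write(self, text):
        if "w" not in self._rights:
            raise PermissionError("key does not convey write")
        self._files[self._name] = text


def untrusted_word_count(keys):
    """Counts words in keys[0], reports through keys[1], then tries to
    alter every other object it holds a key to. It has no way to name an
    object for which it was given no key."""
    count = len(keys[0].read().split())
    keys[1].write(f"words={count}")
    for key in keys:
        if key is keys[1]:
            continue
        try:
            key.write("altered")
        except PermissionError:
            pass   # the key it holds does not convey write
    return count


USER_FILES = {"essay.txt": "good fences make good neighbors",
              "report.txt": "", "login.sh": "echo hello", "notes.txt": "todo"}

def changed_after(make_keys):
    """Run the routine on a fresh copy of the files; return what changed."""
    files = dict(USER_FILES)
    untrusted_word_count(make_keys(files))
    return sorted(n for n in files if files[n] != USER_FILES[n])

def user_authority(files):      # program inherits all of its user's authority
    return [Key(files, n, "rw") for n in
            ("essay.txt", "report.txt", "login.sh", "notes.txt")]

def least_authority(files):     # only the input (read) and the report (write)
    return [Key(files, "essay.txt", "r"), Key(files, "report.txt", "w")]

if __name__ == "__main__":
    print("user authority :", changed_after(user_authority))
    print("capabilities   :", changed_after(least_authority))
```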

Currently, very few operating systems use the capability approach. One of them, KeyKOS by Key Logic, is currently being evaluated by the U.S. government for general environments requiring high levels of military security, and has never been cracked.

Why Security Matters

Powerful future technologies, such as nanotechnology, will be controlled by increasingly complex computational systems. Whether and how they can be made secure from tampering is of critical importance. For the reasons above, it appears that security is possible, with sufficient care. We will need to understand what is possible in this field if we are to cope successfully with the problems ahead. Assertions that secure systems are impossible are false and misleading.

Norman Hardy has been involved both with secure operating systems used in commercial timesharing systems and with computer network security. He cofounded and is a senior scientist at Key Logic, a company that builds secure operating systems.


1. Dowling, William F., "Computer Viruses: Diagonalization and Fixed Points," Notices of the American Mathematical Society, 37.858, pp. 858-861.
2. Cipra, Barry, "Eternal Plague: Computer Viruses," Science, Vol. 249, 21 September 1990, p. 1381.
3. The Motorola 68030 and Intel 80386 chips and their successors have memory protection suitable to these ends.
4. Control of I/O is also typically limited to privileged mode.


Upcoming Events

First Conference on Computers, Freedom and Privacy, March 25-28, 1991, Airport SFO Marriott Hotel, Burlingame, CA, $400. Sponsored by Computer Professionals for Social Responsibility; cosponsored by IEEE, ACM, Electronic Frontier Foundation, Cato Institute, ACLU, Autodesk, etc. Multidisciplinary meeting of up to 600 concerned with electronic speech, press and assembly; computer-based surveillance by government, etc. Invitational: contact 415-322-3778; fax 415-851-2814; email

Hypertext Publishing '91, April 2-4, 1991, Pittsburgh Hilton, $450. Sponsored by Texas Instruments and Knowledge Systems. Focuses on stand-alone hypertext publications rather than large open systems. Contact 412-241-2264; fax 412-241-2307.

Molecular Graphics Society Meeting, May 14-17, 1991, University of North Carolina, Chapel Hill, NC. Interactive graphics, presentation graphics, interfaces networking, novel display techniques; includes vendor exhibition. Contact Molecular Graphics Conference Office, c/o Dr. Frederick P. Brooks, Jr., Dept. of Computer Science, Univ. of NC, Chapel Hill, NC 27599-3175.

Nanostructures and Mesoscopic Systems, May 20-24, 1991, Santa Fe, NM, sponsored by Texas A&M EE and Physics Dept., NSF, DoE, TI. Covers quantum effects and today's top-down fabrication methods. Contact 409-845-2590 or email

Space Development Conference, May 22-27, 1991, Hyatt Regency, San Antonio, TX, sponsored by National Space Society, Southwest Research Institute. Cosponsored by Foresight Institute. Will have a session and workshop on nanotechnology, and a table for Foresight Institute; see elsewhere in this issue for details. Register before May 1 at cosponsor rate of $70: contact Beatrice Moreno, 512-522-2260.

AAAI-91, National Conference on Artificial Intelligence, July 14-19, 1991, Anaheim, California. Sponsored by the American Association for Artificial Intelligence. Contact 415-328-3123; fax 415-321-4457; email

STM '91, International Conference on Scanning Tunneling Microscopy, August 12-16, 1991, Interlaken, Switzerland. Contact Ch. Gerber, fax (1) 724 31 70.

Second Foresight Conference on Nanotechnology, Nov. 7-9, 1991. Technical meeting sponsored by Foresight Institute, Stanford Dept. of Materials Science and Engineering, University of Tokyo Research Center for Advanced Science and Technology. See announcement elsewhere in this issue.

Science and Technology at the Nanometer Scale, American Vacuum Society National Symposium, Nov. 11-15, 1991, Seattle, WA. Contact James Murday, Code 6100, NRL, Washington, DC 20375-5000; fax 202-404-7139 (or American Vacuum Society).

Ecotech, Nov. 14-17, Monterey Conference Center, $595. Participating organizations include Apple Computer, CPSR, Econet, Foresight Institute, Global Business Network. Will explore the technologies of ecology and their application. For businesspeople, scientists, environmentalists, public policy makers. Includes a talk and workshop on nanotechnology.

Hypertext '91, Dec. 15-18, San Antonio, TX. All areas of hypertext research. Contact 409-845-0298, fax 409-847-8578, or email

Third Conference on Technology, Entertainment & Design, Feb. 20-23, 1992, Monterey, CA. Confirmed speakers include Stewart Brand, Jaron Lanier, Paul Saffo, John Sculley, Edward Tufte. Great fun, but expensive. Contact 619-259-5110; fax 619-259-1495.


Nanotechnology and the Culture of Abundance

by BC Crandall

Applied nanotechnology (the mechanical capability to engineer matter at the molecular level) will change every aspect of life as we know it. But all such change will come from specific products, designed and created for particular purposes.

Call for Papers

Contributions are solicited for a collection of papers aimed at the popular science market that describe products and applications that molecular-scale engineering will make possible. Describe your vision of a particular nanotechnological device, how it works, and how it will change our world. This book is intended for intelligent individuals who may not be familiar with nanotechnology, but could grasp the concept from a few paragraphs.

Potential contributors are asked to submit an abstract of 300-600 words. Abstracts will be judged as to (1) clarity of presentation, (2) technical accuracy and completeness, (3) scale of potential cultural impact, and (4) wow factor. Keep it real, but make it flashy.

Contributors with the most promising abstracts will be asked to develop papers of 3,000-8,000 words. Artwork is encouraged. The collected papers will be published under the title: Nanotechnology and the Culture of Abundance.

Abstracts and papers will be reviewed by:

While writing abstracts and papers, keep in mind the following suggestions:

1. Products should be items that people already want. Consider housing, transportation, education, health care, energy, food, the environment, and, perhaps most important, entertainment.

2. Products should incorporate simple and effective safeguards. Products should not appear able to "get loose" or present any environmental dangers. Safety factors should be intrinsic and obvious without undue explanation. Products should be clearly limited to doing only what they are designed to do.

3. Products should be a potential reality within the next 50 years. Include an approximate time of arrival based on your estimate of technology's trajectory. Highlight any particularly noteworthy hurdles that must be overcome or enabling technologies that must be in place.

Abstracts due: 1 May 1991

Notification of acceptance: 6 June 1991

Papers due: 1 August 1991

Send abstracts, including author's name, mailing address (and email address if available), telephone and fax numbers, to BC Crandall, Nanotechnology Project, PO Box 2178, Sausalito, CA 94965 USA (or email:

Nanotechnology: Molecular Speculations on Global Abundance was published by The MIT Press in 1996.


Books of Note

Books are listed in increasing order of specialization and reading challenge. Your suggestions are welcome. And remember, if a book's price looks too high, your library should be able to get it through interdepartmental loan. --Editor

Doing Science, ed. John Brockman, Prentice Hall Press, 1991, softcover, $11.95. For the general reader. Includes essays on exploratory engineering by Eric Drexler, on the methods of theoretical physics by Foresight advisor Gerald Feinberg, on artificial life by Kevin Kelly, and on how to tell science from pseudoscience by Richard Morris.

Essence of Creativity: A Guide to Tackling Difficult Problems, by Steven H. Kim, Oxford University Press, 1990, hardcover, $29.95. Prof. Kim of MIT explores methods of addressing and resolving problems that admit of no obvious solution, or for which even the means of attaining a solution are unclear. Includes: the incremental growth of ideas, enhancing the processing phase of creativity, with a special focus on applications in research and product development. For thinkers everywhere.

From Foresight Update 11, originally published 15 March 1991.