Skip to Main Content
IBM Cloud - Structured Ideas


This portal is to open public enhancement requests against IBM Cloud and its products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

IBM Cloud Support Center (https://cloud.ibm.com/unifiedsupport/cases/form) – Use this site for any IBM Cloud defect or support need.

Stack Overflow (https://stackoverflow.com/questions/tagged/ibm-cloud) – Use this site for IBM Cloud technical Q&A using the tag "ibm-cloud".

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories Security
Created by Guest
Created on Apr 11, 2023

Low-Level Security Separation via hashcoding of all executables/scripts via cached/validated Hashcodes

Why do we still have malware, spyware, ransomware, or backdoors? Is it because our firewalls or Anti-virus solutions are only reactive and not proactive? Or is it because we don’t have walled/secured gardens or has security a too high price we would need to pay (i.e., restricting our dynamic progress or open standards)?

Currently, Computer Security is based on paradigms that are NOT capable of “eliminating” malware or restricting AI/AGI (capable of coding or reverse code engineering (RCE)). We also can’t kill an out-of-control AI globally or treat an escaped AI as malware. However, if a rogue AI escapes, we would need a global Kill-Switch to regain control over our technology.

I wrote a book on AI-assisted hacking (i.e., hacking based on an assumed/extreme level of skills, like reverse code engineering): “2028 - Hacker-AI and Cyberwar 2.0+ (Securing our Future: Proactive Resilience through Separated Security Measures)”. The main conclusion is that we must remove cyberspace as a battlefield for cyberwar with technical solutions; we must be able to stop AI-based malware. Any scenario of using AI in cyberwar or cybercrime is pure madness.

The proposed solution is based on low-level security separation that prevents the commingling of regular computation from security-related confirmation/validation code. Initially, it is based on updatable low-level/hypervisor-based software; in the 2nd step: separate, non-bypassable, retrofittable hardware components within the databus or storage/network components.

A fast quantum leap in computer security is urgently needed if we want to remain in control of our IT hardware. My concern is (1) rogue nations (starting a cyberwar using AI tools), (2) criminals using AI to bypass 2FA and automate cybercrime, and (3) AI hiding within our technical ecosystem trying to gain covert control over IT resources. Due to our dependence on technology, cybersecurity is a human rights issue – which means it should not matter how much security a person/organization can afford – it means we must be fundamentally safe from malware, trojans, spyware, ransomware, or we can easily/quickly attribute damage to a culprit (and not a patsy). This is feasible (and not wishful thinking).

Using AI in cyber defense will not automatically shift the balance toward defender advantage. However, a defender advantage is required – otherwise, the speed of AI misusing vulnerabilities could make our security unmanageable and untrustworthy.

What I want to propose is cybersecurity that provides proactive, redundant, low-level separable (updateable/retrofittable) protection without bothering users (or developers). My goal would be “security overkill” against misuse of CPUs by nation actors and AI/AGI (even if it uses reverse code engineering or dynamic code modifications. The solution is voluntary, interoperable with existing tech, and does NOT include potentially illegal methods (like hackbacks or beacons)

Preparing the world for AI/AGI and against rogue/adversarial nations eager to utilize our vulnerabilities is extremely urgent (see letter for 6 months of AI moratorium). I thought about solution(s) and included some fundamental ideas in my above-mentioned book. I worked out more details for this solution – I am certain it is doable. 

Idea priority Urgent
Needed By Not sure -- Just thought it was cool
  • Admin
    GILLY DEKEL
    Reply
    |
    Apr 18, 2023

    Thank you for your submission - this is not relevant for IBM Cloud at this time