Provably Secure Virus Detection
SUMMARY
Professor Rafail Ostrovsky in the Department of Computer Science, in collaboration with researchers at Georgia Institute of Technology, has developed a provably secure defense against software viruses that can be deployed on computers without any additional hardware requirements.
BACKGROUND
With the continued global rise and ubiquity of computers, smartphones, and other web-connected devices, a major issue that remains unsolved is malware: malicious code that is injected into a program and then takes control of the system. Computer viruses are conservatively estimated to be responsible for billions of dollars of economic damage each year through theft, system failures, wasted computing resources, and data corruption, as well as increased maintenance costs. The problem continues to worsen as attackers become more sophisticated.
Because of the urgency and importance of this problem, it has been intensively researched and many defense mechanisms have been proposed. However, none of these methods has been proven to work consistently against all attacks. The most widely practiced approach is to block the path the attacker uses to inject and execute malware, typically by guarding against specific classes of memory vulnerabilities. Other defenses include monitoring the system calls a program makes to detect abnormal behavior, software fault isolation, instruction set randomization, and software diversity, which uses randomization so that each system executes a unique copy of the software and an attack that succeeds against one system will most likely fail against others. While each of these approaches shows some success, many of them are ad hoc patches targeted at a small class of vulnerabilities. They are also generally heuristics: not formally proven to be efficient or effective, but only experimentally validated. Furthermore, many of these experiments show that the approaches force undesirable tradeoffs between security, accuracy, and system performance.
INNOVATION
A team of researchers led by UCLA Computer Science professor Rafail Ostrovsky has developed a breakthrough method of malware protection that turns the malware's own insertion into the program into the signal by which it is detected. In this approach, the program is compiled into a form in which any such modification is caught with arbitrarily high probability, without sacrificing performance. Detection is carried out through a provably secure challenge-response mechanism between the machine executing the compiled software and a simple external verifying device.
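The following is an added toy illustration of the challenge-response idea in the paragraph above; it is not the UCLA / Georgia Tech construction and makes no claim about how that compiler or verifier actually works. It assumes a simplified model in which the external verifier holds a trusted reference copy of the compiled image, sends a fresh nonce plus random sample offsets, and the executing machine answers with a hash over those windows of its own memory. The image bytes, the window size, and the 1 KiB "infection" are all constructed for the example. The probability function shows why a few dozen samples already give detection probability arbitrarily close to 1 at a cost that grows only logarithmically.

```python
"""Toy challenge-response integrity check over a program image.

Added illustration for this page; not the construction described in the
INNOVATION section. All names, sizes and sample data are assumptions.
"""
import hashlib
import hmac
import math
import random
import secrets
from typing import List, Optional, Tuple

BLOCK = 32  # bytes hashed per sampled offset (assumption for this toy)

# Constructed stand-in for a compiled program image (4096 bytes).
REFERENCE_IMAGE = bytes(range(256)) * 16


def _digest(image: bytes, nonce: bytes, offsets: List[int]) -> bytes:
    """Hash the nonce followed by BLOCK bytes at each sampled offset."""
    h = hashlib.sha256(nonce)
    for off in offsets:
        h.update(image[off:off + BLOCK])
    return h.digest()


class Prover:
    """The machine executing the program; answers over whatever image it really holds."""

    def __init__(self, image: bytes):
        self.image = image

    def respond(self, nonce: bytes, offsets: List[int]) -> bytes:
        return _digest(self.image, nonce, offsets)


class Verifier:
    """The simple external verifying device; holds a trusted reference copy."""

    def __init__(self, reference: bytes, samples: int, rng: Optional[random.Random] = None):
        self.reference = reference
        self.samples = samples
        self.rng = rng or random.SystemRandom()

    def challenge(self) -> Tuple[bytes, List[int]]:
        nonce = secrets.token_bytes(16)  # fresh per run, so a replayed old answer fails
        max_off = len(self.reference) - BLOCK
        offsets = [self.rng.randint(0, max_off) for _ in range(self.samples)]
        return nonce, offsets

    def check(self, nonce: bytes, offsets: List[int], response: bytes) -> bool:
        expected = _digest(self.reference, nonce, offsets)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_protocol(verifier: Verifier, prover: Prover) -> bool:
    """One round: verifier challenges, prover answers, verifier checks."""
    nonce, offsets = verifier.challenge()
    return verifier.check(nonce, offsets, prover.respond(nonce, offsets))


def detection_probability(image_len: int, modified_len: int, samples: int) -> float:
    """Lower bound on the chance that k random windows catch a contiguous modified
    region of m bytes in an n-byte image: each window independently hits it with
    probability at least m/n, so the miss probability is at most (1 - m/n)^k."""
    return 1.0 - (1.0 - modified_len / image_len) ** samples


def samples_for(image_len: int, modified_len: int, target: float) -> int:
    """Smallest k with detection_probability >= target; grows only logarithmically
    in 1/(1 - target), so a higher guarantee costs little extra work per check."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - modified_len / image_len))


if __name__ == "__main__":
    verifier = Verifier(REFERENCE_IMAGE, samples=64)
    print("clean image passes:", run_protocol(verifier, Prover(REFERENCE_IMAGE)))
    # Constructed infection: overwrite 1 KiB in the middle of the image.
    infected = bytearray(REFERENCE_IMAGE)
    infected[1024:2048] = b"\x90" * 1024
    print("infected image passes:", run_protocol(verifier, Prover(bytes(infected))))
    print("P(detect) >= %.8f" % detection_probability(4096, 1024, 64))
    print("samples for 1 - 2^-40:", samples_for(4096, 1024, 1 - 2.0 ** -40))
```

The toy assumes the prover hashes its real memory honestly; the hard part of a real scheme, which the page's construction is credited with addressing, is preventing a compromised machine from answering from a hidden clean copy. Software-based attestation systems normally rely on tight timing or on the compiled program's structure for that, and the verifier must hold (or be able to recompute) the reference image.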
APPLICATIONS
This method can be used for malware detection in computers, including:
- Laptop or desktop computers
- Tablets
- Smartphones
- Servers
ADVANTAGES
This method requires no changes to the hardware of the protected computer, and as such:
- It can be implemented entirely in software
- It has minimal impact on program performance
- It is mathematically proven to detect malware with high probability
STATE OF DEVELOPMENT
The method has been formalized in a cryptographic model and is accompanied by rigorous mathematical proofs of its detection probability.