2015-188 PROVABLY SECURE VIRUS DETECTION

Provably Secure Virus Detection

 

SUMMARY

Professor Rafail Ostrovsky in the Department of Computer Science, in collaboration with researchers at Georgia Institute of Technology, has developed a provably secure defense against software viruses that can be deployed on computers without any additional hardware requirements.

 

BACKGROUND

With the continued global rise and ubiquity of computers, smart phones, and other web-connected devices, a major issue that remains unsolved is malware, where code is installed into a program and takes over the system with a malicious intent. Computer viruses are conservatively estimated to be responsible for billions of dollars of economic damage each year by causing such problems as theft, systems failure, wasting of computer resources, and data corruption, as well as increased maintenance costs. This problem continues to get worse as attackers become more sophisticated.

 

Because of the urgency and importance of this problem, it has been intensively researched and there are many suggested defense mechanisms. However, none of these methods have been proven to consistently work against all attacks. The most practiced method is to block the path the attacker uses to inject and execute its malware, and typically aims to protect specific memory vulnerabilities. Other defense approaches include monitoring system calls made by the program to detect abnormal behavior, software-fault isolation, instruction set randomization, or software diversity, which uses randomization to ensure that each system executes unique copies of the software, so that an attack which succeeds against some system will most likely fail against others. While each of these approaches show some success, many of them are ad hoc patches targeted to a small class of vulnerabilities. These methods are also generally heuristics, and are thus not formally proven to be efficient or effective, but simply experimentally validated. Furthermore, many of these experiments show the approaches to force undesirable tradeoffs between security, accuracy, and system performance.

 

INNOVATION

A team of researchers lead by UCLA Computer Science professor Rafail Ostrovsky have developed a breakthrough method in malware protection which uses the very insertion of the malware to allow the systems to detect it. In this approach, the system is compiled to such a state so that any such change will be caught with arbitrary high probability without sacrificing performance. The detection is done via a provably secure challenge-response mechanism that is implemented between the machine executing the compiled software and a simple verifying external device.

 

APPLICATIONS

This method can be used for malware detection in computers, including:

  • Laptop or desktop computers
  • Tablets
  • Smartphones
  • Servers

 

ADVANTAGES

This method requires no changes to the computer hardware, and as such:

It can be implemented completely in software

It minimally affects program performance

This method is mathematically proven to detect malware with high probability

 

STATE OF DEVELOPMENT

This formal cryptographic model has been tested and accompanied by rigorous mathematical proofs for detection probability.

Patent Information:
For More Information:
Joel Kehle
Business Development Officer
joel.kehle@tdg.ucla.edu
Inventors:
Richard Lipton
Rafail Ostrovsky
Vassilis Zikas
Categories:
Software & Algorithms