U.Va. Creation is Keeping Cyber Attackers Guessing

December 02, 2009

December 2, 2009 — It may be difficult to fathom, but every time you draft a document, surf the Web or even check your e-mail, you are actually putting yourself at risk for a cyber attack.

Without sufficient security measures in place, "There are all kinds of bad things that can happen," Jack W. Davidson said. "People's identities have been stolen because the software they were using was not secure."

Thankfully, cyber crime-fighters like Davidson and Jason D. Hiser have your back. The University of Virginia computer scientists are using cutting-edge virtual-machine technology to keep computer users protected – and cyber attackers guessing.

While software developers currently employ a variety of security techniques, such as encryption and code obfuscation, to modify data and program code in a way that makes it difficult to understand, these defenses do not prevent attackers from analyzing how a program runs, thus leaving the software vulnerable to attack. These strategies also can involve special hardware and high overhead costs, limiting their widespread adoption.

Davidson and Hiser have overcome these challenges with the development of a process for continuous obfuscation and anti-tampering, or COAT. COAT extends Strata, a virtual machine developed by researchers at U.Va. and the University of Pittsburgh, to protect individual software programs dynamically, inexpensively and with no specialized hardware.

Virtual machines are software applications that essentially serve as command centers for other programs, providing them with operating instructions. With COAT, the researchers are operating within this framework to provide an added, dynamic layer of protection. That is, when COAT runs a program, the program's instructions are modified not just once, as is typical of most software, but continuously for added security.

"COAT makes it very difficult to detect how a program works, because every time you look at the code it looks different," Hiser said. "As a result, attackers are unable to inject or execute malicious code that could hijack your personal data."

Unlike other virtual machines, which serve as a platform for several programs at once, COAT is unique in that it is directly integrated with an individual program, making it difficult to discern where the virtual machine ends and the program begins for added security. Additionally, because COAT is only responsible for running one program at a time, it is more streamlined than existing alternatives, enabling it to efficiently execute a program at its regular speed.

This software has applications in a number of fields in which data security is crucially important, including critical infrastructure and military operations. The technology could also be used to prevent illegal distribution of software or digital media, and to protect end users of software and games. The U.Va. Patent Foundation has licensed the researchers' technology to Cloakware Corporation, an Irdeto company specializing in software technology solutions for the protection of business and digital assets.

"There are so many types of software that we want to trust," Hiser said. "With this dynamic technology, we can feel secure using our software."

— By Morgan Estabrook