University of Utah computer scientists have developed software that
not only detects and eradicates never-before-seen viruses and other
malware, but also automatically repairs damage caused by them. The
software then prevents the invader from ever infecting the computer
again.
A3 is a software suite that works with a virtual machine --
a virtual computer that emulates the operations of a computer without
dedicated hardware. The A3 software is designed to watch over the
virtual machine's operating system and applications, says Eric Eide,
University of Utah research assistant professor of computer science
leading the university's A3 team with U computer science associate
professor John Regehr. A3 is designed to protect servers or similar
business-grade computers that run on the Linux operating system. It also
has been demonstrated to protect military applications.
The new
software called A3, or Advanced Adaptive Applications, was co-developed
by Massachusetts-based defense contractor, Raytheon BBN, and was funded
by Clean-Slate Design of Resilient, Adaptive, Secure Hosts, a program of
the Defense Advanced Research Projects Agency (DARPA). The four-year
project was completed in late September.
There are no plans to adapt A3 for home computers or laptops, but Eide says this could be possible in the future.
"A3
technologies could find their way into consumer products someday, which
would help consumer devices protect themselves against fast-spreading
malware or internal corruption of software components. But we haven't
tried those experiments yet," he says.
U computer scientists have
created "stackable debuggers," multiple de-bugging applications that
run on top of each other and look inside the virtual machine while it is
running, constantly monitoring for any out-of-the-ordinary behavior in
the computer.
Unlike a normal virus scanner on consumer PCs that
compares a catalog of known viruses to something that has infected the
computer, A3 can detect new, unknown viruses or malware automatically by
sensing that something is occurring in the computer's operation that is
not correct. It then can stop the virus, approximate a repair for the
damaged software code, and then learn to never let that bug enter the
machine again.
While the military has an interest in A3 to enhance
cybersecurity for its mission-critical systems, A3 also potentially
could be used in the consumer space, such as in web services like
Amazon. If a virus or attack stops the service, A3 could repair it in
minutes without having to take the servers down.
To test A3's
effectiveness, the team from the U and Raytheon BBN used the infamous
software bug called Shellshock for a demonstration to DARPA officials in
Jacksonville, Florida, in September. A3 discovered the Shellshock
attack on a Web server and repaired the damage in four minutes, Eide
says. The team also tested A3 successfully on another half-dozen pieces
of malware.
Shellshock was a software vulnerability in UNIX-based
computers (which include many web servers and most Apple laptops and
desktop computers) that would allow a hacker to take control of the
computer. It was first discovered in late September. Within the first 24
hours of the disclosure of Shellshock, security researchers reported
that more than 17,000 attacks by hackers had been made with the bug.
"It
is a pretty big deal that a computer system could automatically, and in
a short amount of time, find an acceptable fix to a widespread and
important security vulnerability," Eide says. "It's pretty cool when you
can pick the Bug of the Week and it works."
Now that the team's
project into A3 is completed and proves their concept, Eide says the U
team would like to build on the research and figure out a way to use A3
in cloud computing, a way of harnessing far-flung computer networks to
deliver storage, software applications and servers to a local user via
the Internet.
The A3 software is open source, meaning it is free
for anyone to use, but Eide believes many of the A3 technologies could
be incorporated into commercial products.
Other U members of the
A3 team include research associate David M. Johnson, systems programmer
Mike Hibler and former graduate student Prashanth Nayak.