Secure computing platform advances cybersecurity ‘Holy Grail’

Secure computing platform advances cybersecurity ‘Holy Grail’

Technology News |
Researchers at the Carnegie Mellon University CyLab Security and Privacy Institute say they have developed a new provably secure computing environment that protects users' communication with their devices.
By Rich Pell


The computing environment protects users’ communication with devices such as keyboards, mice, or displays, from all other compromised operating system and application software and other devices. As a result, even if malicious hackers compromise operating systems and other applications, the secure environment is protected, making it impossible for hackers to eavesdrop on users’ keystrokes, capture confidential screen output, or steal or modify data stored on user-pluggable devices.

Their platform, say the researchers, represents a big step toward the holy grail of cybersecurity – a user-friendly computing environment where the guarantee of security is as strong as a mathematical proof.

“In contrast to our platform, most existing endpoint-security tools such as antivirus or firewalls offer only limited protection against powerful cyberattacks,” says CyLab’s Virgil Gligor, a professor of Electrical and Computer Engineering (ECE) and a co-author of a paper on the research. “None of them achieve the high assurance of our platform. Protection like this has not been possible to date.”

In their work, the researchers presented an I/O separation model, which defines precisely what it means to protect the communications of isolated applications running on frequently compromised operating systems such as Windows, Linux, or MacOS. The I/O model, say the researchers, is the first mathematically proven model that achieves communication separation for all types of I/O hardware and I/O kernels – the programs that facilitate interactions between software and hardware components.

As an example of how this works, if a user needs to transfer some money online and needs to guarantee that the transactions will remain private even if their computer has unknowingly been compromised with malware, performing those transactions in this environment would be provably secure. Even a completely compromised operating system cannot steal or modify the private data the user inputs using a keyboard or mouse and display on their screen.

This type of secure environment, say the researchers, is even more important with the rise of remote work, as more and more workers are utilizing Virtual Desktop Infrastructures (VDIs), which allow them to operate remote desktops.

“Business, government, and industry can benefit from using this platform and its VDI application because of the steady and permanent shift to remote work and the need to protect sensitive applications from future attacks,” says Gligor. “Consumers can also benefit from adopting this platform and its VDI clients to secure access banking and investment accounts, perform provably secure e-commerce transactions, and protect digital currency.”

The researchers say that while the platform is still in the development phase, they aim to commercialize it in the coming years. For more, see “An I/O Separation Model for Formal Verification of Kernel Implementations.”

Related articles:
Cybersecurity expert shares top predictions for 2020
New concept in computer systems promises to kill cyber crime
Free cybersecurity tool ‘thinks like a hacker’
Protecting IoT devices from cyberattacks: A critical missing piece

Linked Articles