Advances in hardware and software help protect operating systems from attack

The operating system (OS) is the backbone of your computer. If the operating system is compromised, attackers can take control of your computer or crash it. Now, researchers at North Carolina State University have developed an effective system that uses hardware and software to restore an operating system if it’s attacked.

These are security attacks in which an outside party successfully compromises a computer application (such as a web browser) and then uses that application to gain access to the operating system. For example, the compromised application could submit a “system call” to the operating system, effectively instructing the operating system to perform a specific function. However, instead of a routine function, the attacker would use the system call to attempt to take control of the operating system.

“Our goal is to give the operating system the ability to survive such attacks,” says Dr. Yan Solihin, associate professor of electrical and computer engineering at NC State and co-author of a paper describing the new system. “Our approach has three elements: attack detection; isolation of security vulnerabilities; and recovery.”

The concept is to take a snapshot of the OS at strategic times (such as system calls or interrupts), when it is functioning normally and then, if the OS is attacked, to erase everything that was done since the last “good” snapshot was taken – effectively going back in time before the OS was attacked. The mechanism also allows the operating system to identify the source of the attack and isolate it, so that the operating system is no longer vulnerable to attacks from this application.

The idea of ​​detecting attacks and restoring a system to a safe state is a well-known technique for restoring normal system functions after a failure, but this is the first time that researchers have developed a system that also incorporates the safety fault isolation component. . This critical component prevents the operating system from succumbing to the same attack repeatedly.

The concept of taking snapshots of the operating system and using it to replace the operating system if it is compromised was previously considered impractical because taking those snapshots and running such a system dramatically slowed computer operating speeds. “But we’ve developed hardware support that allows the operating system to integrate these survivability components more efficiently, so they take up less time and energy,” says Solihin. The researchers claim that the life support takes up less than 5% of the operating system’s operating overhead.

The article, “Architectural Framework for Supporting Operating System Survivability,” was co-authored by Solihin and former NC State Ph.D. student Xiaowei Jiang. The paper will be presented on February 16 at the IEEE International Symposium on High-Performance Computing Architecture in San Antonio, Texas. The research was supported, in part, by the National Science Foundation.

NC State’s Department of Electrical and Computer Engineering is part of the university’s College of Engineering.

Source of the story:

Material provided by North Carolina State University. Note: Content may be edited for style and length.

Comments are closed.