Make your computer safer-ScienceDaily-IllinoisNews Today

Computer security is very important to all of us, as businesses and governments rely on computers and the Internet to do everything from the power grid, medical and water systems. It is increasingly being infringed. Last month’s security hacks included a breach of the Colonial Pipeline and a JBS Foods ransomware attack in which a hacker hijacked an organization’s computer system and demanded payment to unlock it and release it to its owner. The White House takes the ransomware threat seriously and encourages businesses to update their systems to protect themselves. But these attacks continue to threaten us almost every day.

Researchers at Columbia Engineering, a leader in computer security, will make computer systems more secure at the International Symposium on Computer Architecture (ISCA), the premier forum for new ideas and discoveries in computer architecture2. I recently published two major treatises. This new study, which has little or no impact on system performance, has already been used to create Air Force Research Laboratory processors.

“Memory safety has been a problem for nearly 40 years and many solutions have been proposed. Memory safety continues to be a problem because it does not evenly distribute the burden between software engineers and end users. “I think so,” said Simha. Sethumadhavan, an associate professor of computer science, focuses on how to use computer architecture to improve the security of your computer. “With these two treaties, we believe we have found the right balance of burdens.”

Computer security has been a long-standing issue, and many of the proposed systems work in a research environment, but not in real-world situations. Sethumadhavan believes that the way to protect your system is to start with the hardware and then the software. The urgency of his research is that he has received significant grants from both the Navy Research Department and the U.S. Air Force, and PhD students have a Qualcomm Innovation Fellowship to create practical security solutions. I have received it. It is emphasized by the facts.

Sethumadhavan’s group has noticed that most security issues occur in computer memory, especially pointers. Pointers are used to manage memory. This can corrupt memory and open the system to hackers who hijack programs. Current technologies for mitigating memory attacks consume a lot of energy and can destroy software. These methods also have a significant impact on system performance. Your phone’s battery drains quickly, apps run slowly, and your computer crashes.

The team set out to address these issues and created a security solution that protects memory without impacting system performance. They call the new memory security solution ZeRØ. This is a zero overhead restore operation under a pointer integrity attack.

ZeRO Overview Video-

ZeRO has a set of memory instructions and a metadata encoding scheme that protects system code and data pointers. This combination eliminates performance overhead. It does not affect the speed of the system. ZeRO requires minor changes to the system architecture and can be easily added to modern processors. Of particular importance is that ZeRO can perform all of these functions and avoid system crashes in the event of an attack.

“Zero provides free memory security and is a perfect complement to systems that mitigate memory attacks,” said Mohammed Tarek, a fourth-year doctoral student and co-author of the study. “The key to widespread adoption of security technology is performance overhead and inconvenience.”

A second paper by the Sethumadhavan team, No-FAT: Architectural support for low-overhead memory safety checks is a system that accelerates security checks with a small impact (8%) on computer performance. 10 times faster. Current software technology for detecting memory errors. The name is, as the ad says, a reference to fat-free milk that “has all the goodness of milk with less calories.”

Fat-free overview video-

No-FAT accelerates fuzz testing, which is a type of automated software testing method, and it is very easy for developers to add fuzz testing when building a system. This technique builds on software’s recent trend of binning memory allocators using buckets of various sizes to store memory until the software needs it. Researchers have found that using binning memory allocation in software can provide memory security with little impact on performance and is compatible with existing software.

Both ZeRO and No-Fat aim to strengthen memory systems and increase their resistance to attacks with little or no impact on the speed or power consumption of computer systems. The bonus is that on both systems, the programmer needs to do almost nothing to enhance the program. These ideas may change the way memory safety features are currently supported by processors.

“No-FAT and ZeRO are two major steps to ending a long-standing problem,” said paper co-author Miguel Arroyo PhD’21. “Memory safety attacks have cost the cyber community millions of dollars. Now we can avoid them and keep everyone’s data safe. This is mutually beneficial!”

About research

Publication: Both treatises were presented at the International Symposium on Computer Architecture (ISCA) held on June 16, 2021.

“No-FAT: Architecture Support for Low Overhead Memory Safety Checks”

The authors are: MohamedTarekIbnZiad, Miguel A. Arroyo, Evgeny Manzhosov, Ryan Piersma, and Simha Sethumadhavan Computer Science Division Colombian Engineering

This study was supported by the Air Force Contract FA8750-20-C-0210, unlimited gifts from Bloomberg, and the Qualcomm Innovation Fellowship.

“ZeRØ: Restore zero overhead operations under pointer integrity attack”

The authors are: MohamedTarekIbnZiad, Miguel A. Arroyo, Evgeny Manzhosov, and Simha Sethumadhavan Faculty of Engineering, Faculty of Computer Science

This study was partially supported by gifts from FA8750-20-C-0210, Qualcomm Innovation Fellowship, and Bloomberg.

Make your computer safer-ScienceDaily-IllinoisNews Today

Source link Make your computer safer-ScienceDaily-IllinoisNews Today

Related Articles

Back to top button