The MIT News Office reported today on the work of EECS Professor and CSAIL principal investigator Martin Rinard and his team to devise a system that has been shown to be highly effective in preventing cyber attacks from shutting down web servers and other Internet-connected computers.
The work was funded largely by the U.S. Defense Department’s Defense Advanced Research Projects Agency (DARPA), and in a pair of tests whose thoroughness is unusual in academia, DARPA hired a group of computer security professionals outside MIT to try to bring down a test network protected by the new system. In both tests, says Martin Rinard, the professor of electrical engineering and computer science who led the research, the system exceeded all the performance criteria that DARPA set for it.
During normal operation, the MIT team's system monitors the programs running on an Internet-connected computer to determine the normal range of behavior, and during an attack, it simply refuses to let them (the servers/computers) wander outside that range.
Of course, the data may not be of a type that belongs at either of those locations. And the system will modify behaviors that could be even more disruptive than data storage. But in sites with large banks of servers, the MIT system gets several chances to find the best response to an attack. If storing at location A causes one server in the bank to crash, the MIT system will tell the other servers to store it at location B, instead.
“The idea is that you’ve got hundreds of machines out there,” Rinard says. “We’re saying, ‘Okay, fine, you can take out six or 10 of my 200 machines.’” But, he adds, “by observing what happens with the executions of those six or 10 machines, we’ll be able to deploy patches out to protect the rest of the machines.” The entire process of recognizing an attack, testing a number of countermeasures and deploying the most effective ones can take a matter of seconds.
Other members of the team include EECS faculty member Saman Amarasinghe, CSAIL research scientist Jeff Perkins, postdoctoral fellow Stelios Sidiroglou-Douskos, and Professor Michael Ernst, now at the University of Washington.