A group of researchers has won a grant to research and develop a modified CPU that can help detect malware and other security anomalies.
The two collaborating teams, at Binghamton University and the University of California-Riverside, believe that a hardware solution is necessary to help mitigate security threats instead of relying entirely on software. The project has been dubbed the “Practical Hardware-Assisted Always-On Malware Detection” and the three-year grant of $275,000 was awarded by the National Science Foundation.
Typically we rely on anti-virus or anti-malware software to scan and detect threats on our computers. The researchers say that they will investigate ways of modifying a computer’s central processing unit that will involve adding “logic” to spot anomalies while running programs. They envision the hardware solution as a “lookout,” which will complement the work of software.
“This project holds the promise of significantly impacting an area of critical national need to help secure systems against the expanding threats of malware,” explained Dmitry Ponomarev, professor of computer science at Binghamton University, the project’s principal investigator.
“The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution,” he added. The researchers admit that no solution they develop will work 100 percent of the time but it is rather intended as an extra layer of defense.
When the hardware component, which will be powered by machine learning, triggers a threat it will alert a “heavyweight software detector” to carry out further analysis and take action.
“The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time,” said Ponomarev.
“The hardware detector’s role is to find suspicious behavior and better direct the efforts of the software.”
Recently the researchers publicly disclosed a serious hardware security vulnerability that allowed them to disable the Address Space Layout Randomization (ASLR) component of an operating system. ASLR randomizes where data is stored on a computer. By disabling this function, a hacker could gain root access to a system and take full control of the computer.
The research was carried out on a Linux system with Intel processors but they claimed that the attack is possible on Windows, Android, and virtualization systems like KVM as well.