Georgios Portokalidis, associate professor in the Department of Computer Science at Stevens Institute of Technology, is using the latest technology to help monitor your smartphone – not to invade your privacy, but to prevent others from doing so.
“With a single message, people can exploit software faults to install malicious functionality like ransomware that puts a second program on your system without any authorization, exposing your email and photographs and location and other personal data,” Portokalidis said. “We want to make things more trustworthy by taking advantage of how new hardware works to offer security services in a very efficient way that can prevent compromise entirely, or at least quickly alert the user that suddenly some personal data has been accessed.”
That’s the goal of his project, “Effective Software Monitoring Leveraging Hardware Debugging Extensions,” which recently was granted a Defense Advanced Research Projects Award (DARPA) Young Faculty Award of $492,491, plus a Director’s Fellowship option of $482,419 for a third year. It’s the first time a Stevens researcher has received this prestigious award.
It's all about trust
Portokalidis’ work aims to leverage state-of-the-art hardware to make security software and services more effective, efficient and affordable.
“One of the major challenges of security is that we have strong security software such as reference monitors that can inspect and identify where the system’s software is not operating as expected or where it appears that the software is being compromised, but then maybe your computer is much slower, or your battery doesn't last as long,” explained Portokalidis. His plan is to create secondary monitors that will increase the trustworthiness of software systems in a way that offers security and maintains utility.
“When processors offer functionality for inspecting programs without impeding performance,” he said, “you could install better monitoring software that would help ensure that your phone is doing only what you expect it to do, and unauthorized people would not get access to it.”
The newest advances in hardware are enabling him to bring his vision to life through the creation of co-processors to monitor and enforce security on mobile devices and servers.
“Now that we can combine processors to do so many things concurrently, and the hardware itself includes much new functionality, it sparked my interest in how we can efficiently take advantage of this concurrency,” Portokalidis noted. “Our plan is to develop technologies that leverage debugging features already found on these modern processors to more efficiently monitor and apply security policies.”
Implementing monitoring software to observe applications and enforce policies can not only be a drag on the system, but can also add significant cost to the process.
“It can be more expensive than changing the software itself to incorporate whatever improvement you want to include,” he said. “We’re investigating whether today’s processors, which are already being used to help developers find bugs, can be repurposed completely as an eye into what software is doing. And because it's done by the processor, it has the potential to be done very affordably.”
That leads to the rest of the project, encompassing the creation of a specialized processor, not for running the smartphone or doing calculations, but for ensuring the security of those existing operational processors.
“There's not a lot of detailed information about how to use this new processing technology, or how to build with it, so we're just discovering how everything is working and then trying to see how viable these ideas will be,” he said. “Working in hardware means sometimes you can do things a lot faster, but working at that level is a lot more complicated. It's a lot easier to write the software application than to create something that runs on the processor level or create a new processor yourself.”
But, as President Theodore Roosevelt once said, “Nothing worth having comes easy.” Portokalidis is excited by his deeply practical research, and he is keeping his eye on the prize of ensuring the software of our daily lives is working as it should.
“Security is a very exciting area because you get to investigate systems that do not operate as advertised or as expected when people subvert the system,” he said. “It's interesting that a security mindset, tied with knowledge of how a system works or where it fails to work as expected, gives rise to all these opportunities for finding and fixing problems.”
Learn more about computer science at Stevens: