view counter

CybersecuritySoftware “containers” increase computer security

Published 9 October 2017

ONR has awarded the University of Wisconsin–Madison $6.1 million to research what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.

The University of Wisconsin–Madison has been awarded a $6.1 million grant from the Office of Naval Research, a division of the United States Department of the Navy. The project is related to software security, manageability and performance.

The new research project involves what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.

Wisconsin says that directing the research for the grant is Professor Somesh Jha of the UW–Madison Computer Sciences Department. UW–Madison has four collaborators on the project: the University of Illinois, Oregon State University, the University of Toronto, and GrammaTech, a computer security firm. Funding will span a five-year period.

According to the firm 451 Research, which analyzes the tech industry, container technologies generated $762 million in revenue in 2016. While containers offer many benefits, they build upon each other and can wind up with many elements that are not necessary for a particular application to run, making them “bloated.”

Bloat is bad, says Jha, because “bloat causes slowdowns, and software becomes harder to manage, and of course security is a big concern. If you are including things (in a container) that are not needed, if any one part of that is compromised, you’re becoming vulnerable.” A security expert, Jha joined the UW–Madison computer sciences faculty in 2000.

The UW–Madison-led project, “Techniques and Tools for De-bloating Containers,” homes in on the bare minimum of what a container needs to do its job in a particular instance. The result is better performance, easier management of software, and — perhaps most importantly — enhanced security.

Jha, working with fellow UW–Madison Professor of Computer Sciences Tom Reps and their colleagues elsewhere, will develop new techniques with widespread impact on an issue that is hidden for most computer users but is critically important.

Reps is also the co-founder of GrammaTech, a security firm with offices in Wisconsin and New York. “The Office of Naval Research has a history of initiating prescient research efforts on computer security problems, well before the issues have bubbled up to the public’s attention,” he says. “The larger ‘Software Customization and Complexity Reduction’ program that we are part of is a creative effort to build the technology base for a win-win: for software to be made to run faster at the same time as its ‘attack surface’ — the number of potentially attackable features — is reduced.”

The research team includes experts in computer systems, system measurement, program analysis and other areas. “The team is right to handle this very complex, large-scale problem,” notes Jha. “And if we can create techniques to decrease container bloat, the potential benefit to society is huge in terms of software performance, security and trustworthiness.”

Wisconsin notes that those concerns and benefits become magnified in a military setting, underscoring the Office of Naval Research’s interest in providing research funding to the nation’s leading computer scientists.