CYBERSECURITYUVA Engineering Researcher Has Plan to Defeat the Next Big Cyberattack
“Zero-day attacks” are the cyberattacks that disable large-scale computer programs, catching their victims off guard. In recent years, they’ve been happening more often and have become increasingly difficult to fix. From zero-day to ransomeware attacks, UVA’s Ashish Venkat believes cybersecurity should be fast and affordable for all.
They’re called “zero-day attacks” and they keep cybersecurity experts like Ashish Venkat up at night.
These are the cyberattacks that disable large-scale computer programs, catching their victims off guard. In recent years, they’ve been happening more often and have become increasingly difficult to fix.
“The term zero-day attack means that a developer didn’t know about the flaw beforehand giving them zero days to fix it,” said VENKAT, the William Wulf Career Enhancement Assistant Professor in the Department of Computer Science at the University of Virginia School of Engineering and Applied Science. “A new attack is discovered every 17 days and it takes an average of 15 days to patch these vulnerabilities.”
Vulnerabilities Are Costly to Patch
Companies large and small as well as individuals spend far too much time and money fixing these flaws. And, Venkat said, they end up introducing more vulnerabilities while they’re trying to patch old ones.
Venkat recently received a CAREER AWARD from the National Science Foundation with the goal of solving these urgent issues. It’s one of the NSF’s most prestigious awards in support of early-career faculty who have the potential to lead advances from within their field. Venkat joined the University of Virginia in 2018 shortly after obtaining his Ph.D. from the University of California San Diego.
His fix could both reduce attack response time and protect programs from other attacks while an issue is being mitigated. Venkat’s team will develop a “decoupled” security response, which means designing a holistic security-centric hardware software stack that allows technicians to go into a computer system to fix a vulnerability through a separate security entrance, on demand and in the field.
Innovation Could Lead to Faster Response Time
“As long as computer systems have flaws, cybercriminals will try to exploit them,” said SANDHYA DWARKADAS, the Walter N. Munster Professor and chair of computer science at UVA. “Ashish’s proposed stack is an innovative use of integrated hardware and software components dedicated to security functions. His project addresses a critical need and I look forward to following his progress.”
Venkat’s system could help him stop emerging zero-day cyberattacks within 24 to 48 hours, 13 days faster than the average response time today. His solution also could reduce the significant time and dollar costs of frequent patching, redeployment and hardware upgrades.
