UVA Engineering Researcher Has Plan to Defeat the Next Big Cyberattack
When cybersecurity experts are trying to reach the site of a problem, they often leave doors open behind them on the way. Venkat’s decoupled approach will create a security tunnel running through the system so that in the midst of a cyberattack, technicians can rapidly locate the vulnerable component and enforce an appropriate security policy to fix it without opening new entry points for bad actors.
“The decoupled hardware software stack allows security policies to be defined in software, but enforced in hardware, enabling versatility, flexibility and efficiency at the same time,” Venkat said. “In fact, the project’s second objective is to design new computer hardware to enforce emerging cybersecurity measures against a range of attacks without compromising efficiency.”
The third objective is to enable the new hardware to continuously track the flow of information for precise enforcement of software-defined security policies.
Building a Cyber Workforce for the Future
The CAREER AWARD, which totals more than half a million dollars, also has an educational component. As computer software gets more complicated and is made up of increasingly specialized components, it’s getting harder to train the next generation of cyberexperts — both technicians to work on the systems and researchers to assess impending threats.
The goal, Venkat said, is to improve cybersecurity curricula and awareness for high school, vocational and college students. As part of the project, his team will establish a mentorship program for undergraduate students, including groups traditionally underrepresented in engineering and computer science, to help build a cybersecurity workforce for the future.
Finally, Venkat isn’t limiting his approach to cybersecurity defense — he’s also using offensive tactics, known as ethical or “white hat” hacking. The practice uses a team of highly trained ethical hackers to examine a system before a hack occurs.
“You teach students how to ethically hack a system with the goal of better understanding potential vulnerabilities and to improve the security of modern systems,” Venkat said.
His research group earned significant press attention in 2021 for discovering a SECURITY VULNERABILITY that impacted millions of computers with Intel and AMD processors. Subsequent efforts to discover vulnerabilities includes their work on hardware Trojan attacks, which has been nominated for a best paper award at DATE 2023, the Design, Automation and Test in Europe conference.
Real-World Implications for Real People
Venkat is also concerned about building protections against global threats such as the WannaCry ransomware attack in 2017. Exploiting a vulnerability in the Microsoft Windows operating system, WannaCry spread to more than 200,000 computers in 150 countries within days — harming large and small organizations, including hospitals. The malware, which can self-propagate across networks, encrypted the computers’ data and demanded cryptocurrency payments in exchange for returning control of the computers to their owners.
“These attacks can go after anyone, not just huge corporations,” Venkat said. “They can put mom-and-pop companies out of business, they can impact your grandmother. “When companies aren’t able to invest in cybersecurity, sometimes they just go out of business because their insurance premiums become so inflated.”
Venkat’s goal is to create a set of cybersecurity fixes that are economical for individuals and small businesses alike.
“There’s an urgent need for systems that are designed to be secure from inception and to tighten security around already deployed systems vulnerable to attack,” he said. “I’m passionate about this work because, in the end, it’s people who are harmed by zero-day and other cyberattacks.”
Sara Novak is a science journalist. The article was originally posted to the website of the University of Virginia.
