Researcher Combats Hackers With Software Subterfuge

Story posted August 10, 2011

Daniela Oliveira

A decade ago, when cyber crime and remote attacks were practically nonexistent, Daniela Oliveira's research would have sounded farfetched. Terms like "malware" (malicious software), worms, Trojans and botnets weren't exactly household words.

These days, the Bowdoin assistant professor of computer science finds herself in the computer security fast lane with new research using virtual machines.

A virtual machine (VM) is a high-level software designed to emulate a computer's hardware. It tricks a computer's operating system, such as Windows or Mac or Linux, into believing the VM is the central processing unit, physical memory, hard disk, and network.

VMs can be used to run more than one operating system at once on a single computer—each believing it is the only resident, that it owns and controls the hardware underneath. This software subterfuge lets researchers add more functionality to the hardware without having to do a physical upgrade.

virtual-machine graphic
The virtual machine (VM) software runs on an operating system just like any application, such as a browser or text editor. On top of each VM, however, it is possible to have different guest operating systems (OS) which will run their own independent guest applications. An attack in one instance of a VM will have no impact in other instances nor the host OS.

It also allows users to protect operating systems from attacks by malware by isolating the breached operating system from other operating systems running on the same computer.

"We have a legacy of software and hardware that never were designed with security in mind," says Oliveira. "It wasn't a problem 12 years ago. Hackers were kids, teenagers, they just did everything for fun, to make a point. Now we have actual criminal organizations, Tony Soprano stuff. No computer is safe."

With the support of Bowdoin IT, Oliveira has established her own secured network at the College where Bowdoin students can work with her on high-level protections issues, much of it centering on virtual machines.

"The people of this generation are going to be the ones who are rethinking the Internet architecture," notes Oliveira. " If we don't have brilliant minds looking at these problems ... what's going to happen?"

Much of her current research centers on the use of VMs to combat malware and attackers targeting operating systems. A prime example are "keyloggers," a type of malware an attacker can install on a computer that accesses and logs personal information a user types on a keyboard.

Oliveira explains: "Let's say you are in a cybercafe trying to access your bank account. A keylogger logs every key you type and can steal your Facebook password or email credentials. If you use a public computer, the chance there is software like that installed is high."

Oliveira and student researcher John Coster '12.

Oliveira is trying to expand the capabilities between VMs and operating systems so they can communicate about potentially sensitive information, thwarting malware attacks.

Her work gets more granular, personal even, in another project that centers on social media.Using her own Facebook site as a test model, Oliveira and student researcher John Coster '12 are working to develop new Internet security tools based on social trust.

"So far, security approaches consider all data coming from the Internet as suspicious," says Oliveira. "But this approach is too restrictive these days since users satisfy most of their computing needs using a browser connected to the Internet."

She and Coster are studying the Facebook platform to build a prototype where they can infer trust values between two connected users using machine learning techniques. Coster is logging every transaction on Oliveira's Facebook page, tracking events including the number of times she posts on friends' walls, whether her friends are in the same network, if they are relatives, or how many "likes" they have in common.

With this data, they are trying to develop a classifier that automatically assigns trust values to friends. Then they will use mathematical models to propagate these trust values between any two users— even if they are not directly connected. Depending on the trust value, a socially-aware operating system might restrict access to processes or any activity originating from these data.

Oliviera and student researcher John Coster '12 are working to develop new Internet security tools based on social trust.

A trust-rating security system is important, says Coster, as the roster of Facebook friends grows well beyond the circle of personal acquaintance: "Ideally, a user could manually assign values to friends, but in the case where folks have thousands of friends, we want a more automated way of going about it," he says.

With support from Maine Space Grant Consortium and the Gibbons Fellowship, Victor Wong '13 and Brian Jacobel '14 also are working with Daniela over the summer on a range of computer security projects.

"I see this as an opportunity for students who like computer science to make a positive impact in the world," says Oliveira. "Malicious hacking is an underground economy that is so powerful. It's like an arms race. We need to have people who will be able to join security researchers and professionals. Our students can make a real difference."

« Back | Campus News | Academic Spotlight | | Subscribe to Bowdoin News by Email