
Columbia Engineering team builds first hacker-resistant cloud software system

As the first system to guarantee the security of virtual machines in the cloud, SeKVM could transform how cloud services are designed, developed, deployed, and trusted

2021-05-24
(Press-News.org) New York, NY--May 24, 2021--Whenever you buy something on Amazon, your customer data is automatically updated and stored on thousands of virtual machines in the cloud. For businesses like Amazon, ensuring the safety and security of the data of its millions of customers is essential. This is true for large and small organizations alike. But up to now, there has been no way to guarantee that a software system is secure from bugs, hackers, and vulnerabilities.

Columbia Engineering researchers may have solved this security issue. They have developed SeKVM, the first system that guarantees--through a mathematical proof--the security of virtual machines in the cloud. In a new paper to be presented on May 26, 2021, at the 42nd IEEE Symposium on Security & Privacy, the researchers hope to lay the foundation for future innovations in system software verification, leading to a new generation of cyber-resilient system software.

SeKVM is the first formally verified system for cloud computing. Formal verification is a critical step as it is the process of proving that software is mathematically correct, that the program's code works as it should, and there are no hidden security bugs to worry about.

"This is the first time that a real-world multiprocessor software system has been shown to be mathematically correct and secure," said Jason Nieh, professor of computer science and co-director of the Software Systems Laboratory. "This means that users' data are correctly managed by software running in the cloud and are safe from security bugs and hackers."

The construction of correct and secure system software has been one of the grand challenges of computing. Nieh has worked on different aspects of software systems since joining Columbia Engineering in 1999. When Ronghui Gu, the Tang Family Assistant Professor of Computer Science and an expert in formal verification, joined the computer science department in 2018, he and Nieh decided to collaborate on exploring formal verification of software systems.

Their research has garnered major interest: both researchers won an Amazon Research Award, multiple grants from the National Science Foundation, as well as a multi-million dollar Defense Advanced Research Projects Agency (DARPA) contract to further development of the SeKVM project. In addition, Nieh was awarded a Guggenheim Fellowship for this work.

Over the past dozen years, there has been a good deal of attention paid to formal verification, including work on verifying multiprocessor operating systems. "But all of that research has been conducted on small toy-like systems that nobody uses in real life," said Gu. "Verifying a multiprocessor commodity system, a system in wide use like Linux, has been thought to be more or less impossible."

The exponential growth of cloud computing has enabled companies and users to move their data and computation off-site into virtual machines running on hosts in the cloud. Cloud computing providers, like Amazon, deploy hypervisors to support these virtual machines.

A hypervisor is the key piece of software that makes cloud computing possible. The security of the virtual machine's data hinges on the correctness and trustworthiness of the hypervisor. Despite their importance, hypervisors are complicated -- they can include an entire Linux operating system. Just a single weak link in the code -- one that is virtually impossible to detect via traditional testing -- can make a system vulnerable to hackers. Even if a hypervisor is written 99% correctly, a hacker can still sneak into that particular 1% set-up and take control of the system.

Nieh and Gu's work is the first to verify a commodity system, specifically the widely-used KVM hypervisor, which is used to run virtual machines by cloud providers such as Amazon. They proved that SeKVM, which is KVM with some small changes, is secure and guarantees that virtual computers are isolated from one another.

"We've shown that our system can protect and secure private data and computing uploaded to the cloud with mathematical guarantees," said Xupeng Li, Gu's PhD student and co-lead author of the paper. "This has never been done before."

SeKVM was verified using MicroV, a new framework for verifying the security properties of large systems. It is based on the hypothesis that small changes to the system can make it significantly easier to verify, a new technique the researchers call microverification. This novel layering technique retrofits an existing system and extracts the components that enforce security into a small core that is verified and guarantees the security of the entire system.

The changes needed to retrofit a large system are quite modest--the researchers demonstrated that if the small core of the larger system is intact, then the system is secure and no private data will be leaked. This is how they were able to verify a large system such as KVM, which was previously thought to be impossible.

"Think of a house--a crack in the drywall doesn't mean that the integrity of the house is at risk," Nieh explained. "It's still structurally sound and the key structural system is good."

Shih-Wei Li, Nieh's PhD student and co-lead author of the study, added, "SeKVM will serve as a safeguard in various domains, from banking systems and Internet of Things devices to autonomous vehicles and cryptocurrencies."

As the first verified commodity hypervisor, SeKVM could change how cloud services should be designed, developed, deployed, and trusted. In a world where cybersecurity is a growing concern, this resiliency is highly in demand. Major cloud companies are already exploring how they can leverage SeKVM to meet this demand.

INFORMATION:

About the Study

The study is titled "A Secure and Formally Verified Linux KVM Hypervisor."

Authors are: Shih-Wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, and John Zhuang Hui (Department of Computer Science, Columbia Engineering).

The study was supported in part by National Science Foundation grants CCF-1918400, CNS-1717801, and CNS-1563555.

Publication Details

The study will be presented at the 42nd IEEE Symposium on Security & Privacy on May 26, 2021.

LINKS:
Paper: http://www.cs.columbia.edu/~nieh/pubs/ieeesp2021_kvm.pdf
DOI: 10.1109/SP40001.2021.00049
http://engineering.columbia.edu/
https://www.ieee-security.org/TC/SP2021/
https://www.linux-kvm.org/page/Main_Page
http://www.cs.columbia.edu/~nieh/
http://systems.cs.columbia.edu/
https://www.cs.columbia.edu/~rgu/
https://www.gf.org/announcement-2021/
https://www.amazon.science/research-awards/program-updates/2020-amazon-research-awards-recipients-announced
https://scholar.google.com/citations?user=ma7i8i8AAAAJ&hl=en
https://shihweili.com/
https://www.cs.columbia.edu

Columbia Engineering

Columbia Engineering, based in New York City, is one of the top engineering schools in the U.S. and one of the oldest in the nation. Also known as The Fu Foundation School of Engineering and Applied Science, the School expands knowledge and advances technology through the pioneering research of its more than 220 faculty, while educating undergraduate and graduate students in a collaborative environment to become leaders informed by a firm foundation in engineering. The School's faculty are at the center of the University's cross-disciplinary research, contributing to the Data Science Institute, Earth Institute, Zuckerman Mind Brain Behavior Institute, Precision Medicine Initiative, and the Columbia Nano Initiative. Guided by its strategic vision, "Columbia Engineering for Humanity," the School aims to translate ideas into innovations that foster a sustainable, healthy, secure, connected, and creative humanity.

