Software security expert Gang Tan secures NSF support to reduce the vulnerability of monolithic systems.
Cybersecurity experts, including the FBI’s top cybersecurity officer, believe that America’s economy, infrastructure and national security are at risk unless major changes are made in technology and the way computer and software networks are protected.
From online buying and vote-counting to air-traffic control and electrical power transmission, says Tan, software is indispensable to everyday life. But as software becomes more prevalent and complex, it becomes more vulnerable to hackers.
Tan has studied software security for more than a decade, and he recently received a five-year CAREER Award from NSF to study and develop a type of modular software that is less vulnerable to system-wide attacks by hackers. In his new project, Tan is attempting to apply to software systems the principle of least privilege, a technique used widely in computer security.
“The principle of least privilege is like the separation of powers in a political system,” says Tan, who directs Lehigh’s Security of Software, or SOS, Lab.
“Instead of structuring software as a monolithic system, we break software into multiple modules. Each module works as a separate protection domain. It needs only a very small privilege [access to data and administrative authority] to do its job.
“When software is monolithic, an entire system can be disabled or destroyed by one vulnerability and one lone hacker. When software is broken into smaller modules with individual boundaries, if any one subsystem is taken out, the rest of the system will still function.”
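The contrast Tan draws between a monolithic design and one split into protection domains, shown here as an added example that is not the SOS Lab's or the NSF project's code: a toy request parser in C with a deliberately fatal defect, run inside a forked child that first lowers its own resource limits, so that the crash destroys only that module while the parent keeps serving. The parser, its bug and the sample requests are constructed for this illustration; Tan's binary-level tooling is not reproduced here.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/resource.h>

/* Constructed buggy module: "parses" a request and, like many real parsers,
   is fatal on one malformed input. abort() simulates the crash deterministically. */
static int parse_request(const char *req) {
    if (strncmp(req, "GET ", 4) != 0)
        abort();                          /* the bug: dies on malformed input */
    return (int)strlen(req + 4);          /* result: length of the request path */
}

/* Privilege-separated variant: the parser runs in a forked child that first
   gives up the ability to open files or spawn processes (a stand-in for "a very
   small privilege"). Returns the parser's result (>= 0) or -1 if that domain
   was destroyed. Calling parse_request() directly in the parent would be the
   monolithic design, where the same bug takes out the whole program. */
static int parse_separated(const char *req) {
    int fd[2], status, result = -1;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* child: least-privilege domain */
        close(fd[0]);
        struct rlimit none = { 0, 0 };
        setrlimit(RLIMIT_NOFILE, &none);       /* no new file descriptors */
        setrlimit(RLIMIT_NPROC, &none);        /* no new processes */
        int r = parse_request(req);
        if (write(fd[1], &r, sizeof r) != (ssize_t)sizeof r) _exit(1);
        _exit(0);
    }
    close(fd[1]);                              /* parent: trusted domain */
    if (read(fd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -1;
    close(fd[0]);
    waitpid(pid, &status, 0);
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return result;
}

int main(void) {
    const char *reqs[] = { "GET /index.html", "BAD REQUEST", "GET /login" };
    for (int i = 0; i < 3; i++)               /* request 2 kills only the child */
        printf("%-16s -> %d\n", reqs[i], parse_separated(reqs[i]));
    return 0;
}
```

The second request aborts the child and is reported as -1, yet the third request is still served; in the monolithic layout the process would have ended at request 2.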
Researchers have made progress in privilege separation in software environments, says Tan, but challenges remain.
Tan proposes a three-part framework to facilitate privilege separation. To isolate domains and monitor the flow of information between them, he will develop a “virtualization layer” using binary rewriting, optimization and verification. A binary-level tool will split an application into modules of least privilege, and a compositional reasoning mechanism will let developers assess an application’s end-to-end information security.
“These new tools will make the principle of least privilege easier to apply to big software systems,” he says. “By monitoring information flow at the binary instead of the source-language level, it will be easier to check the security properties of individual modules and allow only benign information flow among modules.”
Tan plans to test the effectiveness of his framework on real-world applications, including web browsers and Java virtual machines.