UPDATED 14:20 EST / NOVEMBER 20 2014

Researchers develop software that heals itself after malware infection

Researchers at the University of Utah have written security software that can recognize virus infections and repair the damage. The software reportedly managed to deal with the known Shellshock bug within minutes.

The software is called A3 and runs within a virtual machine. A3, an abbreviation of Advanced Adaptive Applications, comprises several debuggers that run simultaneously on top of each other. The programs monitor each other and the virtual machine with the intent of detecting abnormal activity. When something odd crops up, A3 intervenes.

A3 is co-developed by Massachusetts-based defense contractor, Raytheon BBN, and was funded by Clean-Slate Design of Resilient, Adaptive, Secure Hosts, a program of the Defense Advanced Research Projects Agency (DARPA). Eric Eide, University of Utah research assistant professor of computer science, is leading the university’s A3 team with U computer science associate professor John Regehr.

The research paper says the initial evaluation of the A3 execution container and constituent prevention-focused mediation and adaptive response indicates that the middleware-based, near-application and application-specific cyber-defense can be effective against novel attacks whose signatures are not known, and such defenses can be mounted effectively.

The A3 software is designed to protect Linux servers against malware. The university previously worked on a DARPA project with the research institute of the US Department of Defense. The development process took four years, and the A3 software was first demonstrated this September. The software is available as open source, but there is no plan yet to make a commercial version.

“A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet,” Eide says.

How it works

A3 runs in a virtual machine and ensures the proper functioning of the operating system and applications. If something suspicious happens, the A3 software can intervene, neutralize the strange event and undo any damage. Furthermore, the software is able to prevent similar attacks in the future.

A3 is composed of several layers of debuggers that rotate and continuously monitor the virtual machine to detect abnormal behavior. Unlike a conventional antivirus on a consumer PC, which makes use of virus catalogs, A3 can detect an unknown virus or malware by automatically perceiving that something unusual is happening.

To test the effectiveness of the solution, the researchers and Raytheon BBN gave a demonstration at DARPA based on the Shellshock flaw, which affects the Bash command-line shell. A3 discovered the Shellshock attack on a Web server and repaired the damage in four minutes, Eide says. The team also tested A3 successfully on another half-dozen pieces of malware.

Now that the tests have validated the technology, the scientists wish to improve their project and find a way to use it in the cloud. Its main uses are in the military, to ensure continuity of applications. A3 could also interest Web services such as Amazon and others, which could use it to detect and block an attack and repair the damage in minutes without having to stop the servers.

“It is a pretty big deal that a computer system could automatically, and in a short amount of time, find an acceptable fix to a widespread and important security vulnerability,” says Eide. “It’s pretty cool when you can pick the Bug of the Week and it works.”

For a future release, the researchers aim to enhance the A3 policies by developing observers for more sophisticated compromised behavior and undesirable conditions than a process crash. The team is using Virtual Machine Introspection (VMI) and application-specific invariants to implement these observers.
