New York, NY – May 24, 2021 – Every time you buy something from Amazon, your customer data is automatically updated and stored on thousands of virtual machines in the cloud. For companies like Amazon, ensuring the safety and security of the data of its millions of customers is essential. This is true for large and small organizations. But until now, there was no way to guarantee that a software system is protected against bugs, hackers, and vulnerabilities.
Columbia Engineering researchers may have solved this safety issue. They developed SeKVM, the first system that guarantees, through mathematical proof, the security of virtual machines in the cloud. In a new paper to be presented on May 26, 2021 at the 42nd IEEE Security and Privacy Symposium, researchers hope to lay the groundwork for future innovations in system software verification, leading to a new generation of cyber-resilient system software. .
SeKVM is the first formally verified system for cloud computing. Formal verification is a critical step because it involves proving that the software is mathematically correct, that the program code is working as it should, and that there are no hidden security bugs to worry about.
“This is the first time that a real multiprocessor software system has proven to be mathematically correct and secure,” said Jason Nieh, professor of computer science and co-director of the Software Systems Laboratory. “This means that user data is properly managed by software running in the cloud and is safe from security bugs and hackers. “
One of the great challenges of IT has been to build correct and secure system software. | Nieh has worked on various aspects of software systems since joining Columbia Engineering in 1999. When Ronghui Gu, Tang family assistant professor of computer science and formal audit expert, joined the computer science department in 2018, he and Nieh decided to collaborate on exploring the formal verification of software systems.
Their research generated major interest: the two researchers won an Amazon Research Award, several grants from the National Science Foundation, as well as a multi-million dollar contract with the Defense Advanced Research Projects Agency (DARPA) to continue development. of the SeKVM project. Additionally, Nieh received a Guggenheim Fellowship for this work.
Much attention has been paid to formal auditing over the past twelve years, including work on auditing multiprocessor operating systems. “But all of this research was done on little toy-like systems that no one uses in real life,” Gu said. “Testing a base multiprocessor system, a widely used system like Linux, was considered more or less impossible. “
The exponential growth of cloud computing has allowed businesses and users to move their data and computation offsite to virtual machines running on hosts in the cloud. Cloud computing providers, like Amazon, deploy hypervisors to support these virtual machines.
A hypervisor is the key piece of software that makes cloud computing possible. The security of virtual machine data depends on the accuracy and reliability of the hypervisor. Despite their importance, hypervisors are complicated: they can include an entire Linux operating system. A single weak link in the code, which is virtually impossible to detect through traditional testing, can leave a system vulnerable to hackers. Even if a hypervisor is written 99% correctly, an attacker can still sneak into that particular 1% setup and take control of the system.
Nieh and Gu’s work is the first to verify a core system, especially the widely used KVM hypervisor, which is used to run virtual machines by cloud providers such as Amazon. They proved that SeKVM, which is KVM with a few small changes, is secure and ensures that virtual machines are isolated from each other.
“We have shown that our system can protect and secure private and computer data uploaded to the cloud with mathematical guarantees,” said Xupeng Li, Gu doctoral student and lead co-author of the article. “It has never been done before.”
SeKVM has been verified using MicroV, a new framework for verifying the security properties of mainframe systems. It’s based on the hypothesis that small changes to the system can make it considerably easier to check, a new technique researchers are calling microvertification. This new layering technique modernizes an existing system and extracts the components that enhance security into a small kernel that is verified and ensures the security of the entire system.
The changes needed to modernize a large system are quite modest – researchers have shown that if the small kernel of the larger system is intact, then the system is secure and no private data will be disclosed. This is how they were able to verify a large system such as KVM, which was previously considered impossible.
“Think of a house – a crack in the drywall doesn’t mean the integrity of the house is at risk,” Nieh explained. “It’s still structurally sound and the key structural system is good. “
Shih-Wei Li, Nieh’s doctoral student and co-lead author of the study, added, “SeKVM will serve as a safeguard in various fields, from banking systems and Internet of Things devices to autonomous vehicles and crypto. -coins.
As the first verified product hypervisor, SeKVM could change the way cloud services should be designed, developed, deployed and trusted. In a world where cybersecurity is a growing concern, this resilience is in high demand. Large cloud companies are already exploring how they can leverage SeKVM to meet this demand.
Comments are closed.