The First Hacker-Resistant Cloud Software System – Eurasia Review
Every time you buy something from Amazon, your customer data is automatically updated and stored on thousands of virtual machines in the cloud. For companies like Amazon, keeping the data of its millions of customers safe and secure is critical. This is true for large and small organizations alike. But until now, there was no way to guarantee that a software system is safe from bugs, hackers and vulnerabilities.
Columbia Engineering researchers may have resolved this security issue. They developed SeKVM, the first system that guarantees, through mathematical proof, the security of virtual machines in the cloud. In a new paper to be presented on May 26, 2021, at the 42nd IEEE Symposium on Security and Privacy, the researchers hope to lay the groundwork for future innovations in system software verification, leading to a new generation of resilient cyber-system software.
SeKVM is the first formally verified system for cloud computing. Formal verification is a critical step because it is the process of proving that the software is mathematically correct, that the program code works as it should, and that there are no hidden security bugs to worry about.
“This is the first time that a real-world multiprocessor software system has been shown to be mathematically correct and safe,” said Jason Nieh, professor of computer science and co-director of the Software Systems Laboratory. “This means that user data is properly managed by software running in the cloud and is safe from security bugs and hackers.”
Building correct and secure system software has been one of the great challenges in computing. Nieh has worked on different aspects of software systems since joining Columbia Engineering in 1999. When Ronghui Gu, the Tang Family Assistant Professor of Computer Science and a formal verification expert, joined the computer science department in 2018, he and Nieh decided to collaborate on exploring formal verification of software systems.
Their research has generated major interest: the two researchers have won an Amazon Research Award, several grants from the National Science Foundation, as well as a multimillion-dollar contract from the Defense Advanced Research Projects Agency (DARPA) to continue development of the SeKVM project. Additionally, Nieh received a Guggenheim Fellowship for this work.
Over the past twelve years, much attention has been paid to formal verification, including work on verification of multiprocessor operating systems. “But all of this research was done on small toy-like systems that nobody uses in real life,” Gu said. “Verifying a basic multi-processor system, a widely used system like Linux, was considered more or less impossible.”
The exponential growth of cloud computing has allowed businesses and users to move their offsite data and compute to virtual machines running on hosts in the cloud. Cloud computing providers, like Amazon, deploy hypervisors to support these virtual machines.
A hypervisor is the key software that makes cloud computing possible. Virtual machine data security relies on the correctness and reliability of the hypervisor. Despite their importance, hypervisors are complicated – they can include a full Linux operating system. A single weak link in the code – a link virtually impossible to detect through traditional testing – can leave a system vulnerable to hackers. Even if a hypervisor is 99% correctly written, a hacker can still exploit that remaining 1% and take control of the system.
Nieh and Gu’s work is the first to verify a core system, specifically the widely used KVM hypervisor, which is used to run virtual machines by cloud providers such as Amazon. They proved that SeKVM, which is KVM with some minor changes, is secure and ensures that virtual machines are isolated from each other.
“We have shown that our system can protect and secure private data and computing uploaded to the cloud with mathematical safeguards,” said Xupeng Li, Gu’s doctoral student and co-lead author of the paper. “It’s never been done before.”
SeKVM has been verified using MicroV, a new framework for verifying the security properties of large systems. It is based on the observation that small changes to a system can make it much easier to verify, a new technique the researchers call microverification. This layering technique retrofits an existing system, extracting the components that enforce security into a small core; that core is then verified, and its proof guarantees the security of the entire system.
The changes needed to retrofit a large system are quite modest – the researchers have demonstrated that if the small core of the larger system is intact, then the system is secure and no private data will be leaked. This is how they were able to verify a large system such as KVM, which was previously considered impossible.
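To make the layering idea concrete, here is a constructed toy model (an added illustration, not SeKVM or KVM code; every class, method and name below is made up). A small core owns the page-ownership table and is the only code that may change it; the large, untrusted host can only go through the core's narrow interface, so the core's checks alone decide whether one VM can ever reach another VM's memory, or whether the host can read a page a VM has handed back.

```python
"""Constructed toy model of the microverification layering described
above: a tiny trusted core guards a page-ownership table, and everything
else is untrusted code limited to the core's interface. Not SeKVM/KVM
code; all names are hypothetical."""

HOST = "host"


class Core:
    """The small trusted part. In the real system this is the piece that
    gets the proof; here it is just a handful of checked methods."""

    def __init__(self, num_pages: int) -> None:
        # Every page starts out owned by the host and empty.
        self._owner = {p: HOST for p in range(num_pages)}
        self._data = {p: b"" for p in range(num_pages)}

    def grant(self, page: int, vm: str) -> bool:
        """Host donates one of its own pages to a VM. Refused unless the
        host currently owns it, so a page can never belong to two VMs."""
        if self._owner.get(page) != HOST:
            return False
        self._owner[page] = vm
        return True

    def reclaim(self, page: int, vm: str) -> bool:
        """A VM hands a page back. Only the owner may do so, and the core
        scrubs the page before the host can see it again."""
        if self._owner.get(page) != vm:
            return False
        self._data[page] = b""
        self._owner[page] = HOST
        return True

    def write(self, principal: str, page: int, data: bytes) -> bool:
        """Every access is checked against the ownership table."""
        if self._owner.get(page) != principal:
            return False
        self._data[page] = data
        return True

    def read(self, principal: str, page: int):
        """Returns None when the caller does not own the page."""
        if self._owner.get(page) != principal:
            return None
        return self._data[page]


def untrusted_host_sequence(core: Core) -> dict:
    """A host that ignores the rules and tries everything. It stands in
    for the unverified bulk of the system; it never touches `_owner` or
    `_data` directly, so only the core's checks decide what succeeds."""
    r = {}
    r["grant_a"] = core.grant(0, "vmA")                 # legitimate
    r["grant_b"] = core.grant(1, "vmB")                 # legitimate
    r["vma_writes"] = core.write("vmA", 0, b"secret")   # VM uses its own page
    r["double_grant"] = core.grant(0, "vmB")            # same page to a 2nd VM
    r["host_reads_vm"] = core.read(HOST, 0)             # host peeks at VM page
    r["vmb_reads_vma"] = core.read("vmB", 0)            # neighbour VM peeks
    r["vmb_steals"] = core.reclaim(0, "vmB")            # returns a page it lacks
    r["vma_returns"] = core.reclaim(0, "vmA")           # legitimate hand-back
    r["host_reads_after"] = core.read(HOST, 0)          # scrubbed, not b"secret"
    return r


if __name__ == "__main__":
    for name, outcome in untrusted_host_sequence(Core(num_pages=4)).items():
        print(f"{name:16} -> {outcome!r}")
```

The point of the model is where the proof obligation sits: the only invariants worth proving are the ones the `Core` methods maintain (one owner per page, access only by the owner, scrub before return), and they hold no matter what sequence of calls the untrusted host issues. That is the sense in which verifying a small core can cover a much larger system.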
“Think of a house – a crack in the drywall doesn’t mean the integrity of the house is at risk,” Nieh explained. “It’s still structurally sound and the key structural system is good.”
Shih-Wei Li, Nieh’s PhD student and co-lead author of the study, added, “SeKVM will serve as protection in various fields, from banking systems and Internet of Things devices to autonomous vehicles and cryptocurrencies.”
As the first verified commodity hypervisor, SeKVM could change the way cloud services should be designed, developed, deployed and trusted. In a world where cybersecurity is a growing concern, this resilience is in high demand. Large cloud companies are already exploring how they can leverage SeKVM to meet this demand.