Fighting the Next Generation of Cyberattacks
April 16, 2015
The next generation of cyberattacks will be more sophisticated, more difficult to detect and more capable of wreaking untold damage on the nation’s computer systems.
So the U.S. Department of Defense has given a $3 million grant to a team of computer scientists from the University of Utah and University of California, Irvine, to develop software that can hunt down a new kind of vulnerability that is nearly impossible to find with today’s technology.
The team is tasked with creating an analyzer that can thwart so-called algorithmic attacks that target the set of rules or calculations that a computer must follow to solve a problem. Algorithmic attacks are so new and sophisticated that only hackers hired by nation states are likely to have the resources necessary to mount them, but perhaps not for long.
“The military is looking ahead at what’s coming in terms of cybersecurity and it looks like they’re going to be algorithmic attacks,” says Matt Might, associate professor of computer science at the University of Utah and a co-leader on the team.
“Right now, the doors to the house are unlocked so there’s no point getting a ladder and scaling up to an unlocked window on the roof,” Might says of the current state of computer security. “But once all the doors get locked on the ground level, attackers are going to start buying ladders. That’s what this next generation of vulnerabilities is all about.”
Typically, software vulnerabilities today rely on programmers making mistakes while creating their programs and hackers will exploit those mistakes. For example, the software will receive a programming input crafted by a hacker and use it without automatically validating it first. That could result in a vulnerability giving the hacker access to the computer or causing it to leak information.