In the coming future, protection of sensitive information such as passwords, credit card numbers will require less computational work. Scientists at Max Planck Institute for Software Systems in Kaiserslautern and Saarbrücken have developed a new technology known as ERIM for isolating software components from one another. With the help of this, sensitive data can be protected from hackers when it is processed in online transactions. This technique has nearly three to five times less computational overhead than the last isolation technology. As a result, it is more suitable for use in online transactions. For this, the researchers were awarded the Internet Defense Prize 2019 by USENIX and Facebook.
Different types of security technologies such as firewalls help in protecting the computer programs from malicious softwares. Even a small security lapse can lead to hackers accessing the components of a software. It can also go as far as hackers accessing the financial details of the users’ accounts and making credit card transactions with them. As an example, the Heartbleed bug in the OpenSSL encryption software made the usernames and passwords of different online services vulnerable to hackers.
For preventing these attacks, developers can isolate different software components similar to the walls of a fortress preventing access to its central area even if attackers manage to overcome the external obstacles. The current isolation methods often require upto 30 percent more CPU power and many servers running simultaneously which increase the infrastructure costs. Deepak Garg, a leading researcher at Max Planck Institute said that many services do not believe in the justification of the greater costs and hence do not use the isolation methods. He added that their isolation technique uses only five percent more time for computation which makes it attractive to the companies. This is the reason they have been awarded the lucrative 100,000 USD prize by USENIX and Facebook.
A team led by Deepak Garg and Peter Druschel, director at Max Planck Institute for Software Systems combined a hardware feature which was introduced by Intel in their microprocessors with software for building the isolation method. The new hardware feature is known as MPK or Memory Protection Keys.
MPK on its own cannot isolate the components as it can still be exploited by clever attackers. MPK was used with another method known as instruction rewriting. Peter Druschel said that the code of a software can be written in such a manner that an attacker cannot exploit the “walls” of the components. This is done keeping the purpose of the software intact. Both these methods can be used to divide the memory of software with very less computational work thus isolating the parts from one another. Remaining isolation technologies access the kernel of the operating system for this purpose thereby using more computational effort. With increase in the pace of software development, the practicality of data protection has to be maintained. This often involves unconventional approaches.