ITHACA, N.Y. -- Cornell University has received support from Microsoft Corp. to develop and test new technology that could help protect computers from viruses and other malicious code downloaded from the Internet.
Microsoft has given a grant of $150,000 to the Information Assurance Institute (IAI) at Cornell to develop language-based security for mobile code. The new technology could be tested in future Microsoft products.
"This is a good next step for our research because we want to find out if the approach is practical," said Fred Schneider, Cornell professor of computer science and director of IAI. "The Microsoft operating systems are widely enough used that they make an ideal test."
The term "mobile code" refers to computer programs imported into a computer over a network, then run locally. There is much mobile code already on the Internet -- playing music when a web page opens or delivering animated birthday cards via e-mail, for instance -- and experts see a lot more mobile code in the future. Instead of surfing the web with a single browser, for example, users might download various special applications to access different kinds of information in the most efficient ways.
Unfortunately, mobile code also can deliver viruses, worms and other malicious material, so a local computer needs a way to know if downloaded programs are safe to run.
The approach being explored by IAI researchers, as Schneider describes it, is to have these assurances built into the programs themselves. The compiler -- a system that turns programmer's code into machine-language instructions for the computer -- will prepare a "proof" for each program. The host computer will compare this proof with the actual program to see if it fits, thus verifying that the program actually does what it claims to do, or at least doesn't do anything it shouldn't. In addition, a program called a rewriter modifies portions of a visiting program before execution to add checks that rule out malicious behavior. This is easier than it sounds, because the rewriter would mainly look for "function calls" that tell the operating system to do things like opening, saving and deleting files or communicating over a network. This rewriting technology also can be applied to programs that are not produced by special, trusted compilers, thus offering a general purpose defense against viruses, Schneider says.
A big advantage of this approach, he says, is that the application that does the comparing and rewriting can be very small and simple, not taking up much memory or computer resources to do its job.
Part of Cornell's Faculty of Computing and Information, IAI facilitates cooperation between Cornell computer scientists and researchers at the U.S. Air Force Research Laboratory in Rome, N.Y., to study computer security, methods of ensuring that data is not lost or corrupted, the correctness of software and methods of "data mining," or searching through large collections of information. It was launched in the spring of 2000 with a $1 million annual grant from the Air Force Office of Scientific Research. It recently received an additional $4.6 million over five years from the Department of Defense.
The institute has maintained an ongoing collaboration with Microsoft. Kevin Hamlen, a graduate student working under Schneider and Greg Morrisett, Cornell associate professor of computer science, spent the summer of 2001 working at Microsoft, experimenting with the inclusion of IAI's security ideas into Microsoft's planned next-generation operating environment, which the company calls .NET.
Related World Wide Web sites: The following sites provide additional information on this news release. Some might not be part of the Cornell University community, and Cornell has no control over their content or availability.
o Information Assurance Institute: http://www.cis.cornell.edu/iai/
o Fred Schneider: http://www.cs.cornell.edu/annual_report/99-00/Schneider.htm
o Greg Morrisett: http://www.cs.cornell.edu/Info/People/jgm/home.html