
New recovery system restores virus-infected computers, could be used by agencies

Massachusetts Institute of Technology researchers backed by funding from government contractor Northrop Grumman Corp. have developed a tool that serves as an undo button to restore computers after they are infected by viruses, a computer scientist leading the effort said.

The so-called intrusion recovery system is one of about a dozen research projects under way at MIT, as well as Purdue and Carnegie Mellon universities, sponsored by the Northrop Grumman Cybersecurity Research Consortium for possible deployment at government agencies. The industry-academia partnership, which was established in late 2009, shared some of its progress with reporters Wednesday.

For its part, Northrop Grumman has contributed a giant database comprised of tens of thousands of viruses and other malicious software that the researchers are using to test their work. One finding: The "Stuxnet" malware that apparently dented Iran's nuclear program by sabotaging the systems that operate reactors "was obviously written by a team of experts as opposed to a single person," said Robert Brammer, the company's information systems chief technology officer.

The worm -- about a million and a half lines of code -- is far larger and more sophisticated than the majority of viruses and reflects tremendous expertise in industrial control systems, he explained.

Computers overtaken by viruses far less vicious than Stuxnet -- or perhaps more so in the future -- can take days of wasted energy to fix. Often, employees inadvertently install such malware simply by downloading corrupted screen savers or greeting cards off the Internet.

"Many machines are compromised daily with backdoors for attackers to remotely log in to machines," said MIT computer science professor Ronald L. Rivest, adding that another big pest is botnets, which hijack computers to distribute spam or inundate websites with useless traffic to halt service.

The goal of the MIT team's undo project is to automate the job of restoring systems after a breach.

"When an intrusion is detected, our system rolls back any files affected by the attack . . . and re-executes any legitimate computations -- of course skipping the attack itself," he said. "This both reverts the attack and preserves changes made by legitimate users in the meantime."

The apparatus works by, first, recording a history of all computations performed by a user and then retracing the actions to pinpoint when and where a botnet or backdoor penetrated the system, he said.
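A minimal model of the record, roll back and re-execute approach described above, added here as an illustration; it is not the MIT system's code. The `Action` log, the file names and the `recover` function are assumptions, and the sample history is constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

State = Dict[str, str]

@dataclass
class Action:
    name: str
    reads: List[str]
    fn: Callable[[State], State]                  # values read -> files written
    outputs: State = field(default_factory=dict)  # recorded on first execution

def record(log: List[Action], snapshot: State) -> State:
    """Normal operation: run every action and record what it wrote."""
    state = dict(snapshot)
    for a in log:
        a.outputs = a.fn({p: state.get(p, "") for p in a.reads})
        state.update(a.outputs)
    return state

def recover(log: List[Action], snapshot: State, attack: str) -> Tuple[State, List[str]]:
    """Rebuild the state from the snapshot as if the attack never ran.
    Returns the repaired state and the names of re-executed actions."""
    state, tainted, rerun = dict(snapshot), set(), []
    for a in log:
        if a.name == attack:
            tainted |= set(a.outputs)   # every file the attack wrote is suspect
            continue                    # skip the attack itself
        if tainted & set(a.reads):      # legitimate action that consumed tainted data
            out = a.fn({p: state.get(p, "") for p in a.reads})
            tainted |= set(a.outputs) | set(out)
            rerun.append(a.name)
        else:
            out = a.outputs             # unaffected: reuse the recorded result
        state.update(out)
    return state, rerun

def demo():
    # Constructed history: one malicious action between legitimate ones.
    snapshot = {"accounts": "root,alice", "report.txt": "v1"}
    log = [
        Action("edit_report", ["report.txt"], lambda r: {"report.txt": r["report.txt"] + "+edit"}),
        Action("attack", ["accounts"], lambda r: {"accounts": r["accounts"] + ",eve"}),
        Action("add_user", ["accounts"], lambda r: {"accounts": r["accounts"] + ",bob"}),
        Action("take_notes", [], lambda r: {"notes.txt": "meeting"}),
    ]
    infected = record(log, snapshot)
    repaired, rerun = recover(log, snapshot, "attack")
    return infected, repaired, rerun
```

Only `add_user` is re-executed, because it is the only legitimate action that read a file the attack had written; the other actions keep their recorded results.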

Northrop Grumman officials said some of the consortium's initiatives would be ready for the federal government to use within the next two years, but the timeline for agency acquisitions is out of the consortium's control.

One concern that researchers are grappling with is the unintended consequences of their security innovations -- such as filters that oppressive regimes modify to cut off Internet access or track dissidents online.

This is not a new stressor for academics. Alfred Nobel, who invented dynamite, suffered the same cognitive dissonance and went on to found the Nobel Peace Prize, said Eugene H. Spafford, executive director of Purdue's Center for Education and Research in Information Assurance and Security. "He was horrified by some of the uses in warfare," Spafford said.

Purdue addresses the issue of nefarious applications of research by requiring students to take ethics courses. "We have deep discussions about privacy and about the appropriate use of technology and we try to ensure that as we look at how the technology is developed, there is broad discussion both of where the technologies can be used and how the people developing them should ensure that there is some attention paid" to civil liberties, he said.

On Monday, a separate group of researchers assembled by Washington think tank Center for a New American Security issued cybersecurity recommendations -- one of which is a White House commission on the future of Internet security.

The task force, comprised of government, industry and academic experts, would grapple with how to change the underpinnings of the Internet to make the architecture more secure. Robert Kahn, who co-invented today's Internet infrastructure, devoted a chapter of the roughly 300-page report to the idea of defending systems by assigning and inserting trusted identity codes for every user and device.
