
New recovery system restores virus-infected computers, could be used by agencies

Massachusetts Institute of Technology researchers backed by funding from government contractor Northrop Grumman Corp. have developed a tool that serves as an undo button to restore computers after they are infected by viruses, a computer scientist leading the effort said.

The so-called intrusion recovery system is one of about a dozen research projects under way at MIT, as well as Purdue and Carnegie Mellon universities, sponsored by the Northrop Grumman Cybersecurity Research Consortium for possible deployment at government agencies. The industry-academia partnership, which was established in late 2009, shared some of its progress with reporters Wednesday.

For its part, Northrop Grumman has contributed a giant database comprised of tens of thousands of viruses and other malicious software that the researchers are using to test their work. One finding: The "Stuxnet" malware that apparently dented Iran's nuclear program by sabotaging the systems that operate reactors "was obviously written by a team of experts as opposed to a single person," said Robert Brammer, the company's information systems chief technology officer.

The worm -- about a million and a half lines of code -- is far larger and more sophisticated than the majority of viruses and reflects tremendous expertise in industrial control systems, he explained.

Computers overtaken by viruses far less vicious than Stuxnet -- or perhaps more so in the future -- can take days of wasted energy to fix. Often, employees inadvertently install such malware simply by downloading corrupted screen savers or greeting cards off the Internet.

"Many machines are compromised daily with backdoors for attackers to remotely log in to machines," said MIT computer science professor Ronald L. Rivest, adding that another big pest is botnets, which hijack computers to distribute spam or inundate websites with useless traffic to halt service.

The goal of the MIT team's undo project is to automate the job of restoring systems after a breach.

"When an intrusion is detected, our system rolls back any files affected by the attack . . . and re-executes any legitimate computations -- of course skipping the attack itself," he said. "This both reverts the attack and preserves changes made by legitimate users in the meantime."

The apparatus works by, first, recording a history of all computations performed by a user and then retracing the actions to pinpoint when and where a botnet or backdoor penetrated the system, he said.
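A simplified sketch of the record, roll back and re-execute idea described above, added here as an illustration; it is not the MIT system's code, and the `Action` record, the file names and the sample history are all hypothetical. It keeps a version history per file, traces which later actions read data the intrusion wrote, drops those versions, and re-runs only the affected legitimate actions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

History = Dict[str, List[Tuple[int, str]]]  # file -> [(writer action id, value)]

@dataclass
class Action:
    id: int          # position in the recorded history
    user: str
    reads: Set[str]  # files the action consumed
    run: Callable[[Dict[str, str]], Dict[str, str]]  # inputs -> {file: new value}

def view(hist: History, files: Set[str], before: int) -> Dict[str, str]:
    """Values of `files` as they stood just before action `before` ran."""
    older = {f: [v for i, v in sorted(hist.get(f, [])) if i < before] for f in files}
    return {f: vs[-1] for f, vs in older.items() if vs}

def record(hist: History, log: List[Action]) -> None:
    for a in log:  # execute each action, storing every output as a new file version
        for f, v in a.run(view(hist, a.reads, a.id)).items():
            hist.setdefault(f, []).append((a.id, v))

def recover(hist: History, log: List[Action], attack_id: int) -> List[int]:
    tainted, redo = set(), []
    for a in log:  # 1. trace what the attack wrote and who later read it
        if a.id == attack_id or (a.id > attack_id and a.reads & tainted):
            tainted |= {f for f, vs in hist.items() if any(i == a.id for i, _ in vs)}
            if a.id != attack_id:
                redo.append(a)
    drop = {attack_id} | {a.id for a in redo}
    for f in hist:  # 2. roll back versions written by the attack or its dependents
        hist[f] = [(i, v) for i, v in hist[f] if i not in drop]
    record(hist, redo)  # 3. re-execute legitimate dependents, skipping the attack
    return [a.id for a in redo]

def current(hist: History) -> Dict[str, str]:
    return {f: max(vs)[1] for f, vs in hist.items() if vs}

def demo():
    log = [  # constructed sample history; action 2 is the intrusion
        Action(0, "setup", set(), lambda s: {"report.txt": "q1", "authorized_keys": "alice-key"}),
        Action(1, "alice", {"report.txt"}, lambda s: {"report.txt": s["report.txt"] + "+q2"}),
        Action(2, "intruder", {"authorized_keys"}, lambda s: {"authorized_keys": s["authorized_keys"] + ",intruder-key", "dropped.bin": "x"}),
        Action(3, "bob", {"authorized_keys"}, lambda s: {"authorized_keys": s["authorized_keys"] + ",bob-key"}),
        Action(4, "alice", {"report.txt"}, lambda s: {"report.txt": s["report.txt"] + "+q3"}),
    ]
    hist: History = {}
    record(hist, log)
    return recover(hist, log, attack_id=2), current(hist)
```

The taint tracking is deliberately conservative: any action that read a file the intrusion touched is redone, while Alice's later edit to `report.txt` is left in place because it never depended on attacker-written data.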

Northrop Grumman officials said some of the consortium's initiatives would be ready for the federal government to use within the next two years, but the timeline for agency acquisitions is out of the consortium's control.

One concern that researchers are grappling with is the unintended consequences of their security innovations -- such as filters that oppressive regimes modify to cut off Internet access or track dissidents online.

This is not a new stressor for academics. Alfred Nobel, who invented dynamite, suffered the same cognitive dissonance and went on to found the Nobel Peace Prize, said Eugene H. Spafford, executive director of Purdue's Center for Education and Research in Information Assurance and Security. "He was horrified by some of the uses in warfare," Spafford said.

Purdue addresses the issue of nefarious applications of research by requiring students to take ethics courses. "We have deep discussions about privacy and about the appropriate use of technology and we try to ensure that as we look at how the technology is developed, there is broad discussion both of where the technologies can be used and how the people developing them should ensure that there is some attention paid" to civil liberties, he said.

On Monday, a separate group of researchers assembled by the Washington think tank Center for a New American Security issued cybersecurity recommendations -- one of which is a White House commission on the future of Internet security.

The task force, comprised of government, industry and academic experts, would grapple with how to change the underpinnings of the Internet to make the architecture more secure. Robert Kahn, who co-invented today's Internet infrastructure, devoted a chapter of the roughly 300-page report to the idea of defending systems by assigning and inserting trusted identity codes for every user and device.
