- University researchers have presented a novel I/O separation model that guarantees secure computing.
- This system would keep user data safe from malware even if the OS has been severely compromised.
- Development of the model is still underway, and it will be a few more years before it is commercialized.
A team of researchers at Carnegie Mellon University’s CyLab claims to have developed an uncompromisable computing environment that users could trust with sensitive input even if the machine has been infected by malware. The key is a new kind of I/O separation model that can effectively isolate applications running on any operating system, separating all types of I/O hardware and I/O kernels. In practice, this means that malware wouldn’t be able to access keystrokes, capture screenshots, modify data on plugged-in USB sticks, etc.
The team presented the new system at the recent IEEE Symposium on Security and Privacy, claiming that their model is the first mathematically proven isolation system that confidently achieves the required level of separation. As such, it is the only model that can guarantee security in any environment, whether it is ridden with malware or supposedly clean. From a practical perspective, this is extremely important because, simply put, nobody can ever be absolutely certain that a system hasn’t been infected by malware.
Virgil Gligor, a professor of Electrical and Computer Engineering in CyLab and a co-author of the work, has stated the following:
“In contrast to our platform, most existing endpoint-security tools such as antivirus or firewalls offer only limited protection against powerful cyberattacks. None of them achieve the high assurance of our platform. Protection like this has not been possible to date. Businesses, governments, and industries can benefit from using this platform and its VDI application because of the steady and permanent shift to remote work and the need to protect sensitive applications from future attacks. Consumers can also benefit from adopting this platform and its VDI clients to secure access banking and investment accounts, perform provably secure e-commerce transactions, and protect digital currency.”
As for when this secure computing environment will be commercially available, it is important to clarify that it’s still under development and further evaluation. The researchers definitely plan to commercialize it in the coming years, but this may take a while. If the project is picked up or supported by a tech company that has the resources to move things forward quickly, we may see something land sooner.