Columbia Professor Develops a Technique to Thwart Cyber Attacks

Simha Sethumadhavan, associate professor of Computer Science at Columbia Engineering, is leading a research team that’s building security mechanisms into the interface between a computer’s hardware and software. Designing security into any computer system – a car, a data center, a thermostat or a phone – is a common aspirational goal for researchers. In practice, though, security design is often hindered by practical issues such as the need to support existing functions or to create a design that operates with older computer systems. Even implementing a seemingly simple task such as patching a system by fixing a flaw is not easy, in that computer systems are a “spaghetti-mess of code and interactions,” says Sethumadhavan, whose team is taking a new approach to solving this longstanding security problem.

His team has found that the interface between hardware and software is the best point for implementing security techniques, since it’s is the most well-defined and broadly covered interface in a computer system. The team will build security mechanisms into the stable hardware-software interface and improve the security of even older insecure software.

“The interface is standardized and stable and can be used to apply security solutions proactively without risk of breaking systems while fixing security problems,” adds Sethumadhavan, a member of the Data Science Institute’s Center for Cybersecurity.

Sethumadhavan, who recently received a $5.7 million grant from the Defense Advanced Research Projects Agency (DARPA) to support his research, is a nationally-known expert in computer security. His previous research, supported by DARPA as well as the National Science Foundation, lead to improvements in computer industrial design. The security technology being developed for this project will have wide applications, he believes, since it will be transferable to IoT, Cloud, and Mobile systems.

Sethumadhavan’s research team at Columbia includes Luca Carloni, a computer science professor and DSI member, as well as eight doctoral students, two postdoctoral researchers and one research scientist. They are partnering with computer experts from Stanford and Brown, one of whom, Vasileios Kemerlis, is a Columbia Ph.D. alumni.

The research also aims to alleviate the burden now placed on security engineers – of both hardware and software – who will no longer have to explicitly state their security requirements, which can be onerous. The researchers will apply advanced machine-learning techniques to computer systems to have them “learn security intent automatically by watching good programs and then enforcing the learned properties in hardware, where learning has to happen with hundreds of bytes of storage and at nano-second time scales,” says Sethumadhavan.

“Our research is pushing the limits of computer security and computer architecture,” adds Sethumadhavan. “It’s a high-risk project, but if we succeed there will be high rewards. That’s the kind of research we like to do and it’s the kind of research DARPA likes to fund, so it’s a perfect match.”