Traveling back in time may be the way to thwart hack attacks, say computer
scientists at the University of Michigan.
Losses from computer crime are soaring -- already approaching the US$2 billion mark, according to industry experts -- and the end is not in sight.
Computer hackers, however, drop few clues at their crime scenes,
leaving security experts and system administrators with slim options for
accurate detection.
Using a time machine to watch the crime unfold
and nail the perps red-handed may sound like an outlandish Hollywood
movie plot, but going back to stop a hack is precisely what Peter Chen
has in mind.
Traveling Back To Stop a Hack
"What we have created is a way to turn back time -- at least from a
computing perspective -- and watch history unfold exactly as it did
before," said Chen, an associate professor of electrical engineering
and computer science at the University of Michigan. "Not only can we
turn back the clock on an attack to undo the damage, we can also go
back to any point during the attack to observe exactly how the
intruder breached the system."
Several commercial products can record all changes made to a hard
drive, allowing users to restore their systems to a previous backup
point, Chen told NewsFactor. None of these products, Chen added,
allow system administrators to replay an intruder's actions step by sneaky step.
Products that log not only hard-drive alterations but also hacker
interactions might answer questions about vulnerabilities the hacker
exploited to break into the system -- and what took place while the intruder
had access. Chen's solution -- a "virtual machine" aptly named
"ReVirt" -- hides the system's actual hardware and operating system
while running a "guest" operating system that handles applications and
interacts with users.
By creating this additional abstraction layer and forcing users to
interact with a guest operating system, ReVirt logs all events at both
the operating system and virtual machine level without showing its
digital hand.
Time To Reboot to ReVirt?
Traditional system loggers have two weaknesses, Chen said. First,
because they rely on the integrity of the operating system, smart
hackers often will doctor or delete these logs to hide their tracks.
Second, system loggers rarely save sufficient information to replay
and analyze attacks.
ReVirt, on the other hand, logs all input, interrupts and network
messages from all users, operating out of sight and out of reach of
potential hackers by isolating its logs behind its virtual, iron-clad
curtain.
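The mechanism Chen describes has two parts: the monitor records every nondeterministic event that reaches the guest (keystrokes, timer interrupts, network messages) together with the point in execution at which it arrived, and because everything else the guest does is deterministic, feeding the same events back at the same points reproduces the run exactly, to any chosen step. The toy below is an added illustration of that record-and-replay idea, not ReVirt's code; the Guest, Monitor, event kinds, step counts and the "rm syslog" command are all constructed. Python cannot enforce the isolation a real virtual machine monitor provides, so keeping the monitor's log outside the Guest object only stands in for that separation.

```python
"""Record-and-replay of a toy deterministic 'guest' whose only sources of
nondeterminism are external events. Constructed illustration of the ReVirt
approach; not the project's code."""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed events arriving at the guest, keyed by the step they reach it.
EVENTS = {
    3: [{"kind": "net", "payload": "SYN from 198.51.100.7"}],  # constructed address
    8: [{"kind": "timer", "payload": None}],
    12: [{"kind": "key", "payload": "login attacker"}],
    20: [{"kind": "key", "payload": "rm syslog"}],  # intruder wipes the in-guest log
    25: [{"kind": "net", "payload": "data chunk"}, {"kind": "timer", "payload": None}],
}


@dataclass
class Guest:
    """Toy guest OS: state changes only through step() and deliver()."""
    steps: int = 0
    counter: int = 0
    inbox: list = field(default_factory=list)
    syslog: list = field(default_factory=list)  # the log the guest OS keeps itself

    def step(self):
        """One deterministic unit of execution."""
        self.steps += 1
        self.counter = (self.counter * 31 + self.steps) % 1_000_003

    def deliver(self, event):
        """Handle a nondeterministic event; the guest's own log records it too."""
        kind, payload = event["kind"], event["payload"]
        self.syslog.append(f"{self.steps}:{kind}:{payload}")
        if kind == "key" and payload == "rm syslog":
            self.syslog.clear()  # traditional weakness: the OS-level log can be doctored
        elif kind == "timer":
            self.counter ^= 0xFF
        elif kind == "net":
            self.inbox.append(payload)
        elif kind != "key":
            raise ValueError(f"unknown event kind {kind}")

    def digest(self):
        """Hash of the whole guest state, used to compare live and replayed runs."""
        blob = json.dumps([self.steps, self.counter, self.inbox, self.syslog], sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()


class Monitor:
    """Stands in for the virtual machine monitor: owns the guest and the log."""

    def __init__(self):
        self.guest = Guest()
        self._log = []  # (step, event) pairs; the guest has no handle on this list

    def run(self, n_steps, live_events):
        """Execute the guest, logging each event at the step it was delivered."""
        for _ in range(n_steps):
            self.guest.step()
            for ev in live_events.get(self.guest.steps, []):
                self._log.append((self.guest.steps, ev))
                self.guest.deliver(ev)
        return self.guest.digest()

    def export_log(self):
        return list(self._log)


def replay(log, n_steps, stop_at=None):
    """Re-execute a fresh guest, injecting each logged event at the recorded step.
    stop_at pauses the replay at any step so that state can be inspected."""
    g = Guest()
    pending = sorted(log, key=lambda entry: entry[0])
    i = 0
    for _ in range(n_steps):
        g.step()
        while i < len(pending) and pending[i][0] == g.steps:
            g.deliver(pending[i][1])
            i += 1
        if stop_at is not None and g.steps == stop_at:
            break
    return g


if __name__ == "__main__":
    m = Monitor()
    live = m.run(40, EVENTS)
    print("guest syslog after the wipe:", m.guest.syslog)
    print("replay matches live run:", replay(m.export_log(), 40).digest() == live)
    print("state just before the wipe:", replay(m.export_log(), 40, stop_at=19).syslog)
```

In the live run the intruder's "rm syslog" leaves the guest's own log with only the entries written after the wipe, while the monitor's log still holds all six events; replaying that log reproduces the exact final state, and stopping the replay at step 19 shows the guest as it was the moment before the log was doctored.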
"It's like having a security camera behind bullet-proof glass that can
see everything going on during a bank robbery," said Chen. "Not only
can we repair the damage, but we can study in detail what the hacker
did, and we can learn how to improve our security in the future."