A computer scientist at Worcester Polytechnic Institute (WPI) is developing a new technology designed to protect companies—and computer users—from damaging and expensive malware attacks.
Known as single-use services, the technology is being developed by Craig Shue, associate professor of computer science at WPI, with a three-year, $265,631 grant from the National Science Foundation. It is designed to prevent an attack on a commercial website from compromising other servers, data, and users.
Shue’s approach uses a technology called “containerization” that will be invisible to end users, but will change how they interact with search engines, news sites, online stores, and other types of websites. Instead of being given direct access to an actual web server, as happens now, each user will interact with a temporary copy, or instance, of the server. When the session ends, that copy will be destroyed.
In essence, each web session will be isolated within its own container. If a user exploits a vulnerability and attacks the web server by deploying a malware program, that program will disappear along with the container. Since the actual web server will not be infected, no other users will be harmed.
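The isolation property described above can be modelled in a few lines. This is an added example, not code from Shue's project: it uses throwaway directories in place of containers, and `single_use_instance`, `buggy_upload` and the sample page are hypothetical names and constructed data.

```python
import hashlib, shutil, tempfile
from contextlib import contextmanager
from pathlib import Path

def tree_digest(root: Path) -> str:
    """Hash every file path and its bytes so tampering is detectable."""
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h.update(p.relative_to(root).as_posix().encode() + p.read_bytes())
    return h.hexdigest()

@contextmanager
def single_use_instance(template: Path):
    """Yield a throwaway copy of the template; destroy it when the session ends."""
    instance = Path(tempfile.mkdtemp(prefix="session-")) / "root"
    shutil.copytree(template, instance)
    try:
        yield instance
    finally:
        shutil.rmtree(instance.parent, ignore_errors=True)

def serve(root: Path, page: str = "index.html") -> str:
    return (root / page).read_text()

def buggy_upload(root: Path, name: str, body: str) -> None:
    """Stand-in for an exploitable bug: a visitor can overwrite served files."""
    (root / name).write_text(body)

def demo() -> dict:
    template = Path(tempfile.mkdtemp(prefix="template-")) / "root"
    template.mkdir()
    (template / "index.html").write_text("<h1>Store</h1>")  # constructed sample page
    before = tree_digest(template)
    # Traditional setup: all visitors share one root, so tampering persists.
    shared = Path(tempfile.mkdtemp(prefix="shared-")) / "root"
    shutil.copytree(template, shared)
    buggy_upload(shared, "index.html", "TAMPERED")
    shared_next = serve(shared)
    # Single-use setup: the tampered copy is destroyed with the session.
    with single_use_instance(template) as inst:
        buggy_upload(inst, "index.html", "TAMPERED")
        attacker_view = serve(inst)
    with single_use_instance(template) as inst2:
        isolated_next = serve(inst2)
    result = {"shared_next_visitor": shared_next, "attacker_view": attacker_view,
              "isolated_next_visitor": isolated_next, "instance_destroyed": not inst.exists(),
              "template_intact": before == tree_digest(template)}
    shutil.rmtree(template.parent); shutil.rmtree(shared.parent)
    return result

if __name__ == "__main__":
    print(demo())
```

The model covers only each instance's own files; the guarantee depends on sessions having no write path to the template or to any state shared between instances.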
Shue said his technology will eliminate the vulnerabilities inherent in the way websites currently operate, in which every user has direct access to, and interacts with, the web servers and software. Under a traditional setup, if hackers were to take advantage of a bug in that software, they could embed malware that could attack every subsequent visitor to that website. And for major sites, that could mean hundreds of thousands of users would be vulnerable.
“It will change how interactions happen on the back end, whether people are getting news or ordering sneakers online,” he said. “We assume software will probably never be bug-free, so let’s just accept that and create better security with these little containers. Nothing will look different to end users but they’ll be safer and the websites will be safer. With more than three billion people using the Internet, many of whom interact with user-facing servers multiple times a day, the project's outcome can broadly impact society's computer security.”