24 Sep 2015 Dallas - Dr. Zhiqiang Lin, of the Erik Jonsson School of Engineering and Computer Science at UT Dallas, is working to advance the field of Cloud computing and, in the process, has developed a technique that allows one computer in a virtual network to monitor another for invasions or viruses. Dr. Lin's research has earned the assistant professor of computer science a National Science Foundation Faculty Early Career Development (CAREER) Award, which provides him with $500,000 in funding for five years.
"Dr. Lin's technical achievements are significant", stated Dr. Bhavani Thuraisingham, executive director of the UT Dallas Cyber Security Research and Education Institute and the Louis A. Beecherl Jr. Distinguished Professor in the Jonsson School. "He has developed a highly novel method to carry out virtual machine introspection and will be exploring this area further."
Virtual machine introspection is the viewing of a virtual machine's actions from the outside.
"Virtual machine introspection is a useful technique for protecting cloud applications, as many hosting providers offer services on virtual machines to their clients", stated doctoral student Erick Bauman, who works in Dr. Lin's Systems and Software Security Lab.
"Being able to view the state of a virtual machine allows the provider to detect malicious intruders and viruses while still protecting the monitoring system. For the general public, this means better security for their online services."
One challenge in virtual machine introspection is the semantic gap between the data structures that the virtual machine understands and the raw bytes viewable from the outside, which provide little contextual information. With the CAREER Award, Dr. Lin will develop principles and techniques to automatically bridge the gap.
"A significant amount of manual effort is needed with new methods of virtual security because of the semantic gap dilemma", stated Dr. Lin, who is also a member of the Cyber Security Research and Education Institute.
"It is consequently tedious and time-consuming to enable virtual security for different operating systems and even different versions of the same system."
Dr. Lin said that several solutions to the semantic gap problem require installing certain modules, but these modules can be compromised. Other issues arise when the guest operating software is upgraded and the virtual users must manually upgrade these guest modules as well, creating problems for Cloud providers and users.
Dr. Lin has been reusing compiled code that already understands the semantics of the virtual machine's data structures. The existing code can process data from the virtual machine and allow for analysis of the activities occurring inside. He is hopeful that the reuse of existing code may be the key to bridging the gap and solving most of the problems.
Dr. Lin is also a recipient of a Young Investigator Research Program grant from the Air Force Office of Scientific Research, where his research is focusing on binary code analysis for malware detection.
"His research progress is crucial to combat the cybersecurity threats we face daily", Dr. Thuraisingham stated.