Entry Date: February 7, 2012

System-Wide Intrusion Recovery Using Selective Re-Execution

Principal Investigator: Nickolai Zeldovich

Project Start Date: April 2011

Project End Date: March 2017

Virtually any computer system can be compromised. New software vulnerabilities are discovered and exploited daily, and even if software were bug-free, unaware users may install malware along with free screensavers or greeting cards they download online. Cleaning up after these inevitable compromises leads to days of wasted effort by users or system administrators, with no conclusive guarantee that all traces of the attack are gone, or that no legitimate changes are lost.

This research project automates recovery from intrusions by developing a system-wide undo mechanism, so that an administrator can undo an attacker's break-in attempt, along with all of its side effects, while preserving all other legitimate operations. The key idea is to log all computations, such as processes or system calls, and the dependencies between them, so that if one operation needs to be undone, the system can both undo its direct effects and recursively track down and re-execute other operations that may have been indirectly affected. Building on this basic approach, the project explores how computer systems must change to provide system-wide undo securely and efficiently, from operating system kernels, to programming languages, to applications and user interfaces.
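As an added illustration, not code from the project, here is a toy Python model of that approach: each action is logged with before/after snapshots of the objects it wrote, and undoing one action rolls the system back to that point and re-executes only the later actions that read or wrote an object whose value changed, replaying everything else from the log. The `Action` and `UndoLog` names and the sample scenario (an attacker's edit to `config` followed by an independent note, a legitimate admin edit to the same file, and a build that reads it) are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable
@dataclass
class Action:
    name: str
    reads: tuple                 # objects (e.g. files) the action reads
    writes: tuple                # objects the action writes
    fn: Callable[[dict], dict]   # deterministic: {read obj: value} -> {written obj: value}

class UndoLog:
    """Toy action-history log with selective re-execution (constructed example)."""
    def __init__(self):
        self.state = {}   # current value of every object; None/missing = absent
        self.log = []     # entries: [action, before-snapshot, after-snapshot]
    def _execute(self, action):
        before = {k: self.state.get(k) for k in action.writes}
        after = action.fn({k: self.state.get(k) for k in action.reads})
        self.state.update(after)
        return [action, before, after]
    def run(self, action):
        self.log.append(self._execute(action))
    def undo(self, name):
        """Drop one logged action; returns the names of later actions re-executed."""
        idx = next(i for i, e in enumerate(self.log) if e[0].name == name)
        for _, before, _ in reversed(self.log[idx:]):  # roll back to just before it
            self.state.update(before)
        _, before, after = self.log.pop(idx)
        tainted = {k for k in after if before.get(k) != after[k]}
        redone = []
        for i in range(idx, len(self.log)):
            action, _, old_after = self.log[i]
            if tainted.isdisjoint(action.reads + action.writes):
                self.state.update(old_after)  # independent: replay recorded effect
                continue
            self.log[i] = self._execute(action)  # dependent: recompute from new inputs
            redone.append(action.name)
            for k in action.writes:  # keep propagating only where the output changed
                (tainted.discard if self.state.get(k) == old_after.get(k) else tainted.add)(k)
        return redone
def demo():
    """Constructed scenario: undo 'attack' without losing the admin's later edit."""
    log = UndoLog()
    log.run(Action("install", (), ("config",), lambda s: {"config": "v1\n"}))
    log.run(Action("attack", ("config",), ("config",), lambda s: {"config": s["config"] + "backdoor\n"}))
    log.run(Action("edit_notes", (), ("notes",), lambda s: {"notes": "todo\n"}))
    log.run(Action("admin_tweak", ("config",), ("config",), lambda s: {"config": s["config"] + "timeout=30\n"}))
    log.run(Action("build", ("config",), ("build.log",),
                   lambda s: {"build.log": f"{len(s['config'].splitlines())} config lines"}))
    return log.undo("attack"), log.state
```

Running `demo()` re-executes only `admin_tweak` and `build`; `edit_notes` is replayed untouched, and the final `config` keeps the admin's line while the attacker's is gone.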

If successful, this project will provide a principled approach to recovering from intrusions in computer systems. More broadly, system-wide undo may help in many situations, such as users who realize they changed the wrong setting a week ago, students who want to learn a new system by exploring and undoing, or application developers who want to experiment with a large-scale system.