Researchers at Microsoft Corp. showed off some forward-looking technologies including new ways to protect systems against Internet worms and prevent hacker attacks.
At its fifth annual TechFest, Microsoft Research presented about 150 projects at the company’s Redmond, Wash., headquarters. TechFest’s main purpose is to promote the exchange of ideas, or “tech transfers,” between Microsoft Research and product teams at the software giant. The event was expected to attract about 6,000 Microsoft employees.
One of the technologies on display, dubbed Vigilante, proposes a detection and protection system for Internet worms. The system would consist of “honey pot” computers connected to the Internet that would serve as bait for the worms. Once an attack was detected, the computers would analyze the attack and create alerts, which would include details on how to protect against the new worm. Then the alerts would be pushed out to other computer, so they could automatically put up shields and filter traffic to block the worm, Microsoft researchers said. We need a completely automatic system to detect attacks.Manuel Costa>Text
Systems receiving the Vigilante alerts would not require any action from an administrator to protect against worms, said Manuel Costa, a researcher in Microsoft’s lab in Cambridge, England. “We need a completely automatic system to detect attacks,” he said.
Costa, who was demonstrating a prototype of Vigilante at TechFest, acknowledged that administrators may be apprehensive of automatic changes to their systems. But he said the filters will block only real attack messages. Automatic filters are needed to provide a quick response to worm outbreaks, he explained. “Otherwise, it will be too late.”
Another Microsoft Research project focused on security suggested monitoring system activity to prevent malicious code from executing. The system, called Control-Flow Integrity, would prevent malicious code being run on a computer by checking application activity and validating it. Unexpected activity would be blocked, according to Microsoft.
The system would prevent attacks that exploit buffer overflows by inserting malicious code, said Roy Levin, director of Microsoft Research, Silicon Valley. However, one side effect of monitoring applications is a slower system. “You are getting a stronger guarantee, but in exchange for some performance,” Levin said.
Vigilante and Control-Flow Integrity are research projects only, but the researchers said they are gaining interest from Microsoft product teams. However, there has been no commitment from any of the product groups to use the technologies.
The more than 700 people at Microsoft Research work on projects in over 50 research areas, including speech recognition, user interface, programming tools and methodologies, operating systems and networking, graphics, natural language processing, machine learning and mathematical sciences. More information on the research projects contained in this article is available on the Microsoft Research Web site.
Vigilante: http://research.microsoft.com/ research/pubs/view.aspx?tr_id=788 .
Control-Flow Integrity: http://research.microsoft.com/research/pubs/view.aspx?tr_id=868 .
