Algorithmic vulnerabilities,
or the emerging hacking threat, can do a lot of damage on computer systems. It
is considered as more complex, more challenging to detect and more effective at
damaging different nation’s computer systems.
Additionally, it is extremely
hard to detect with the existing security technology according to the Dyman & Associates Risk
Management Projects.
These attacks can only be
achieved by hackers hired by nation states which have resources essential to
mount them, but perhaps not for very long.
Computer scientists at the
University of Utah and University of California, Irvine are given $3 million by
the U.S. Department of Defense to produce software that will detect or fight
future cyberattacks.
The University of Utah team
will be composed of 10 faculty members, postdoctoral and graduate students. Of
the $3 million grant, which is over four years, $2 million will go to the Utah
team and $1 million to the Irvine team.
The project is funded by the
Defense Advanced Research Projects Agency (DARPA) in a new program called STAC,
or Space/Time Analysis for Cybersecurity.
The team is tasked with
creating an analyzer that can fight so-called algorithmic attacks that target
the set of rules or calculations that a computer must follow to solve a
problem.
The analyzer needs to perform
a mathematical simulation to predict what’s going to happen in case there is an
attack and it must conduct an examination of computer programs to detect
algorithmic vulnerabilities or “hot spots” in the code. It is more like a
spellcheck but for cybersecurity.
University of Utah’s associate
professor of computer science and a co-leader on the team, Matt Might said that
the military is looking ahead at what’s coming in regards of cybersecurity and
it seems like they’re going to be algorithmic attacks. He also stated that the current state of computer
security is a lot like doors unlocked into the house so there’s no point
getting a ladder and scaling up to an unlocked window on the roof.
"But once all the doors
get locked on the ground level, attackers are going to start buying ladders.
That's what this next generation of vulnerabilities is all about."
Hackers will make use of
programmers’ mistakes while creating their programs on the software. For
instance, the software will get a programming input crafted by a hacker and use
it without automatically validating it first which can result in a
vulnerability giving the hacker access to the computer or causing it to leak
information.
Algorithmic attacks are very different
since they don’t need to find such conventional vulnerabilities. For instance,
they can secretly track how much energy a computer is utilizing and use that
information to gather sensitive data that the computer is processing, or they
can secretly track how an algorithm is running within a computer. These attacks
can also drive central processing unit (CPU) to overwork, or they can disable a
computer by forcing it to use too much memory.
Suresh Venkatasubramanian, who
is also a co-leader from the team, states that these algorithmic attacks are
very devious because they could exploit weaknesses in how resources like space
and time are utilized in the algorithm.
Algorithmic attacks are really
complex, costly, and use the most amount of time, so most hackers these days
are not using this kind of attacks however, they take the easier route of
exploiting current vulnerabilities.