Professor's research on data recovery receives additional funding

A computer system crash can have disastrous consequences for a company, including loss of critical business information. Peng Liu, a professor at Penn State’s College of Information Sciences and Technology (IST), is developing technology with the goal of enabling companies to quickly and accurately recover data that has been corrupted through hacking, viruses or malware.

Liu, director of the Center for Cyber-Security, Information Privacy, and Trust (LIONS Center), recently received another increment of $139,454 from George Mason University and the Air Force Office of Scientific Research in support of the project, “Autonomic Recovery of Enterprise-wide Systems after Attack or Failure with Forward Correction.” The project, which started in 2007, is part of the Multidisciplinary University Research Initiative (MURI), a tri-service Department of Defense program that supports research teams whose research efforts intersect more than one traditional science and engineering discipline. The recent award is the last increment of the grant, which Liu and his students will use to develop a software tool that will enable enterprise data centers to automatically recover from cyber intrusions.

The tool, Liu said, could be applied to all sectors of industry and may eventually become available on the mass market.

“It really could be a commodity,” he said.

Currently, Liu said, data recovery systems utilize backup data in the form of virtual machine images. However, he added, the newer images are often infected by viruses and malware, while the older images may not be updated with the latest information. The software that Liu is developing would perform a “surgery” on virtual machine images to fix the infected parts. The tool will utilize the entire array of virtual machine images dumped onto a disk in recent history, he said, in order to find the latest “repair” for every infected part of the newest virtual machine image. Each repair is a specific set of bytes. A main challenge is that the latest repairs for two infected parts could be found inside two virtual machine images dumped onto a disk at different times.

While the software tool will perform the data recovery task, Liu said, a large volume of computer operations, i.e., system calls, as well as the actions performed by the attacker, will need to be logged by security auditing during runtime of the virtual machines. This will enable the tool to analyze the relationship between the various operations.

“Our tool cannot perform magic,” he said. “Our tool needs certain input from security auditing and intrusion detection systems.”
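The selection problem described above can be sketched in a few lines. This is an added illustration, not code from Liu's project: it assumes block-granular snapshots, an audit log of read/write events, and an attacker process already flagged by intrusion detection, and all names and values are constructed.

```python
# Constructed sample data (illustrative only, not from the project).
# Snapshots: dump time -> {block id: bytes stored in that block}
SNAPSHOTS = {
    10: {"A": b"a1", "B": b"b1", "C": b"c1"},
    20: {"A": b"a2", "B": b"b1", "C": b"c1"},
    30: {"A": b"a2", "B": b"bX", "C": b"c1"},
    40: {"A": b"aX", "B": b"bX", "C": b"c2"},  # newest image
}
# Audit log entries: (time, process, operation, block)
AUDIT_LOG = [
    (15, "backup", "write", "A"),   # legitimate update
    (25, "evil", "write", "B"),     # process flagged by the IDS
    (28, "report", "read", "B"),    # reads infected data, becomes tainted
    (35, "report", "write", "A"),   # tainted process spreads the damage
    (38, "db", "write", "C"),       # unrelated legitimate write
]
ATTACKER_PROCS = {"evil"}

def first_infection_times(log, attacker_procs):
    """Propagate taint through the log; return {block: time first infected}."""
    tainted = set(attacker_procs)
    infected = {}
    for t, proc, op, block in sorted(log):
        if op == "read" and block in infected:
            tainted.add(proc)              # process now depends on bad data
        elif op == "write" and proc in tainted:
            infected.setdefault(block, t)  # keep the earliest infection time
    return infected

def plan_repairs(snapshots, infected):
    """For each infected block, pick the latest snapshot dumped before infection."""
    plan = {}
    for block, t_inf in infected.items():
        clean = [t for t in snapshots if t < t_inf and block in snapshots[t]]
        plan[block] = max(clean) if clean else None  # None: no clean copy exists
    return plan

def repair_newest(snapshots, plan):
    """Patch the newest image with the chosen clean bytes, block by block."""
    repaired = dict(snapshots[max(snapshots)])
    for block, src in plan.items():
        if src is not None:
            repaired[block] = snapshots[src][block]
    return repaired

if __name__ == "__main__":
    plan = plan_repairs(SNAPSHOTS, first_infection_times(AUDIT_LOG, ATTACKER_PROCS))
    print(plan, repair_newest(SNAPSHOTS, plan))
```

Here the repair for block B comes from the image dumped at time 20 and the repair for block A from the image dumped at time 30, while the legitimate update to block C in the newest image is preserved.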

The technology is currently at the beginning of the implementation phase, Liu said, and will be tested over the summer. At some point, he added, a third party could become involved to convert the technology to a commercial product.

Last Updated April 26, 2012