New prototype application blocks malware from altering messages, transactions
Researchers have created a prototype software, Gyrus, that takes extra steps to prevent malware from sending spam emails and instant messages, and blocks unauthorized commands such as money transfers.
Wenke Lee, director of the Georgia Tech Information Security Center (GTISC), said that Gyrus is a transparent layer on top of the window of an application, asserting that the user experience with the application will be exactly the same as when Gyrus is not installed or activated, explaining that if Gyrus detects that user-intended data has been tampered with, it will block the traffic and also notify the user.
The Georgia Tech research is based on the observation that for most text-based applications, the user's intent will be displayed entirely on screen, as text, and the user will make modifications if what is on screen is not what he or she wants.
Users help Gyrus do its job by establishing pre-defined rules that help the software determine whether commandsaEuro"authorized or notaEuro"fit with established user intentions. In the researchers' words, Gyrus implements a "What You See Is What You Send" (WYSIWYS) policy.
There are two key components to Gyrus' approach. First, it captures the user's intent and interactions with an application. Second, it verifies that the resulting output can be mapped back to the user's intention. As a result, the application ensures accurate transactions even in the presence of malware.
(Posted on 03-03-2014)