New project ensures 'what you see is what you send'

Feb 25, 2014

Imagine a user who intends to send $2 to a friend through PayPal. Embedded malware in the user's laptop, however, converts the $2 transaction into a $2,000 transfer to the account of the malware author instead.

Researchers at Georgia Tech have created a prototype software, Gyrus, that takes extra steps to prevent malware from sending spam emails and instant messages, and blocking unauthorized commands such as money transfers.

Current protection programs might recognize the original user's intent to send email, transfer money or engage in other transactions, but cannot verify the specifics such as email contents or amount of money. Without context, it is impossible to properly verify the user's full intent, regardless of whether the software is protecting a financial transfer, an industrial control system or a wide range of other user-driven .

"Gyrus is a transparent layer on top of the window of an application. The user experience with the application will be exactly the same as when Gyrus is not installed or activated. Of course, if Gyrus detects that user-intended data has been tampered with, it will block the traffic and also notify the user," explained Wenke Lee, director of the Georgia Tech Information Security Center (GTISC).

The Georgia Tech research is based on the observation that for most text-based applications, the user's intent will be displayed entirely on screen, as text, and the user will make modifications if what is on screen is not what he or she wants. Users help Gyrus do its job by establishing pre-defined rules that help the software determine whether commands—authorized or not—fit with established user intentions. In the researchers' words, Gyrus implements a "What You See Is What You Send" (WYSIWYS) policy.

"The idea of defining correct behavior of an application by capturing user intent is not entirely new, but previous attempts in this space use an overly simplistic model of the user's behavior," said Yeongjin Jang, the Georgia Tech Ph.D. student who led the study.

"For example, they might infer a user's intent based on a single mouse click without capturing any associated context so the attackers can easily disguise attacks as a benign behavior," Jang added. "Instead, Gyrus captures richer semantics including both user actions and text contents, along with applications semantics, to make the system send only user-intended network traffic. Gyrus indirectly but correctly determines user intent from the screen that is displayed to the user. "

There are two key components to Gyrus' approach. First, it captures the user's intent and interactions with an application. Second, it verifies that the resulting output can be mapped back to the user's intention. As a result, the application ensures accurate transactions even in the presence of malware.

Explore further: Malware on Yahoo ads turned user PCs into bitcoin miners

More information: www.cc.gatech.edu/~yjang37/papers/gyrus.pdf

add to favorites email to friend print save as pdf

Related Stories

Apple granted patent on new augmented reality technology

Mar 20, 2013

(Phys.org) —Apple Inc. has been granted a patent for an application filed with the U.S. Patent Office in 2010 for "Synchronized, interactive augmented reality displays for multifunction devices." The patent ...

Malware on Yahoo ads turned user PCs into bitcoin miners

Jan 10, 2014

(Phys.org) —Yahoo, has acknowledged that its service sites were used by hackers to enslave massive numbers of ordinary PCs who did so to generate bitcoins, and by extension, real earnings. Ads were placed ...

Phone charger can place user on malware alert

Oct 06, 2013

(Phys.org) —More smartphones, more smartphone apps, and more busy smartphone users downloading apps have become attractive magnets for malware agents. A new category has grown up, not just general malware ...

Apple is granted hover and heart-rate monitoring patents

Dec 26, 2013

(Phys.org) —Apple has been awarded patents that include one for an accurate touch and hover panel, originally filed back in 2010, and another for an embedded heart rate monitor, originally filed in 2009. ...

Recommended for you

Microsoft skips Windows 9 to emphasize advances

55 minutes ago

The next version of Microsoft's flagship operating system will be called Windows 10, as the company skips version 9 to emphasize advances it is making toward a world centered on mobile devices and Internet ...

Microsoft to offer early look at next Windows

Sep 29, 2014

Microsoft plans to offer a glimpse of its vision for Windows this week, as its new CEO seeks to redefine the company and recover from missteps with its flagship operating system.

User comments : 0