- The software will leverage nested virtualization, layered sensing and logging to mitigate cloud threats.
- Researchers at UTSA are seeking other academic partners to make the system an advanced research platform.
New open source software promises to reduce the risk associated with cloud deployments and allow desktop applications to run securely in the cloud.
The software is Galahad, a revolutionary open source user computer environment (UCE) just launched by the University of Texas at San Antonio (UTSA).
The researchers at the University said that the software, which is named after the Arthurian knight who ultimately secured the Holy Grail, will fight to protect people using desktop applications running on digital platforms such as Amazon Web Services (AWS).
It will leverage nested virtualization, layered sensing and logging to mitigate cloud threats. These layers will allow individual users to host their applications seamlessly and securely within the cloud, avoiding both known and unknown threats.
How Galahad detects threats
With the use of role-based isolation and real-time sensors, Galahad will integrate machine learning to develop unique user profiles that will immediately help spot malicious activity or other anomalies like malware in a typical workload. This determination will be based on log events and user actions at the application, virtual machine and hypervisor level.
“Galahad can develop a profile of how each application is used so if an instance of Microsoft Word or Outlook uses an unusually high amount of network bandwidth, we can determine if something has been infected,” said James Benson, a technology research analyst at the UTSA Institute for Cyber Security (ICS).
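The per-application profiling described above can be illustrated with a simple statistical baseline. This is an added example, not Galahad's code: the event fields, the median/MAD scoring and the threshold are assumptions standing in for the machine learning the article mentions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user role, application, KB sent in a one-minute window).
BASELINE_EVENTS = [
    ("analyst", "word", 12), ("analyst", "word", 15), ("analyst", "word", 9),
    ("analyst", "word", 14), ("analyst", "word", 11), ("analyst", "word", 13),
    ("analyst", "outlook", 220), ("analyst", "outlook", 310), ("analyst", "outlook", 180),
    ("analyst", "outlook", 260), ("analyst", "outlook", 240), ("analyst", "outlook", 290),
]

MIN_SAMPLES = 5   # assumption: do not score a profile until it has enough history
THRESHOLD = 6.0   # assumption: robust z-score above which a window is flagged


def build_profiles(events):
    """Summarise bandwidth per (role, application) as (median, MAD).

    Median and MAD are used instead of mean and standard deviation so that
    a few bad windows in the training data do not stretch the profile."""
    samples = defaultdict(list)
    for role, app, kb in events:
        samples[(role, app)].append(kb)
    profiles = {}
    for key, values in samples.items():
        if len(values) < MIN_SAMPLES:
            continue
        med = median(values)
        mad = median([abs(v - med) for v in values])
        profiles[key] = (med, max(mad, 1.0))  # floor avoids dividing by zero
    return profiles


def score(profiles, role, app, kb):
    """Return (robust_z, verdict) for one observed window.

    Only unusually high usage is flagged; an application with no profile
    is reported as such rather than silently treated as normal."""
    if (role, app) not in profiles:
        return None, "no-profile"
    med, mad = profiles[(role, app)]
    z = 0.6745 * (kb - med) / mad
    return z, "anomalous" if z > THRESHOLD else "normal"


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_EVENTS)
    for app in ("word", "outlook", "excel"):
        print(app, score(profiles, "analyst", app, 250))
```

The same 250 KB window is flagged for Word and passes for Outlook, which is the point of keeping a separate profile per application rather than one global threshold.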
The software will provide a nested hypervisor on AWS instances. There, it will monitor role-based virtual machines across virtually all levels of the application stack, including the Docker container: the basic unit of software that packages an application to run quickly between computing environments.
Galahad’s strengths include the use of migration, where cloud applications are dynamically moved to different hosts.
“It’s almost like frequency band hopping,” said Benson. “If your host is compromised in the AWS environment but you keep on moving, the malicious actor will only get snippets of you at most.”
Farhan Patwa, ICS assistant director and chief architect, added, “With Galahad, you’re now a moving target.” Patwa will oversee the deployment of Galahad at UTSA.
Inviting academic partners to make Galahad a research ecosystem
In 2017, the Intelligence Advanced Research Projects Activity (IARPA) tapped industry leaders such as Star Lab Corp. to develop Virtuous User Environments (VirtUEs), a dynamic cloud-based environment that reduces threats while serving as a secure place to migrate government user applications.
Star Lab developed Galahad and transitioned it to UTSA at the end of May this year for further development and research.
Now, researchers at UTSA are seeking other academic partners to make the system an advanced research platform. The UTSA researchers want to innovate additional protection capabilities in areas such as user access control, privilege chains, decision engines, and blockchain or “smart contracts” that run distributed across different virtual machines.
It’s believed that Galahad can also be leveraged toward better integration of IoT systems, and securing Linux operating systems and hypervisors, which make virtual machine computing environments a possibility.