In an age where cybersecurity threats are growing more sophisticated by the day, a pioneering research collaboration between the University of Pennsylvania and Draper Laboratory is on a mission to revolutionize how we trust and secure our computers. Their ambitious goal? To make computers trustable by fundamentally reducing the excessive privileges that often lead to vulnerabilities.
At the heart of this initiative is the Principle of Least Privilege, a security concept that demands each program, user, or system component be granted only the minimum access necessary to perform its function. Consistent with the Cybersavvy Center goals, this effort advocates for a shift away from the traditional approach of assuming all system components are benign and all programs are free of bugs. Instead, they operate under the assumption that any component could be malicious or exploitable, and that software bugs are a given, not an exception.
This security-first mentality is more than just theory. The project’s researchers are putting it into practice by focusing on protecting the Linux kernel—a critical component of countless operating systems—and safeguarding applications from exploitation.
To achieve their goal, the lab is breaking new ground in the realm of fine-grained compartmentalization. Compartmentalization, in simple terms, involves breaking down systems into isolated sections to limit the damage from potential breaches. What makes this lab’s approach unique is their use of Tagged Architecture, which promises to make this complex process more cost-effective and accessible.
Their work builds on foundational projects like Software-Defined Metadata Processing (SDMP) and DOVER. These projects serve as the backbone for the lab’s PROTECT effort, which provides an efficient mechanism for fine-grained separation, ensuring that their solutions are not only innovative but also grounded in proven research.
A key innovation of this project is the SEVER effort, which automatically creates security compartments while maintaining a delicate balance between security and system performance. It builds on metrics and optimization tools such as uSCOPE and SCALPEL to manage and analyze micro-privileges within the system, ensuring that security enhancements do not come at the cost of performance.
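To make the ideas above concrete, here is an added toy model of tag-based compartment enforcement and privilege measurement. It is illustrative code written for this page, not code from the PROTECT or SEVER efforts, SDMP, DOVER, uSCOPE or SCALPEL. It assumes a simplified machine in which every memory word carries a metadata tag naming its owning compartment, every access is checked by a policy before it completes, and "privilege" is counted as the number of (address, operation) pairs a compartment is allowed to touch; the compartment names, addresses and the deliberate buffer-overrun bug are all constructed for the example.

```python
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when the tag policy rejects a memory access."""


@dataclass
class Word:
    value: int
    tag: str  # metadata tag: the compartment that owns this word


@dataclass
class TaggedMachine:
    words: dict                                # address -> Word
    grants: set = field(default_factory=set)   # explicit cross-compartment grants: (compartment, addr, op)
    violations: list = field(default_factory=list)

    def _check(self, pc_tag, addr, op):
        """Policy consulted on every access: own-compartment words or an explicit grant are allowed."""
        word = self.words.get(addr)
        if word is None:
            raise PolicyViolation(f"{pc_tag}: {op} to unmapped address {addr:#x}")
        if word.tag == pc_tag or (pc_tag, addr, op) in self.grants:
            return word
        self.violations.append((pc_tag, addr, op))
        raise PolicyViolation(f"{pc_tag}: {op} of {addr:#x} owned by {word.tag} denied")

    def load(self, pc_tag, addr):
        return self._check(pc_tag, addr, "read").value

    def store(self, pc_tag, addr, value):
        self._check(pc_tag, addr, "write").value = value

    def privilege(self, compartment):
        """Toy least-privilege metric: number of (address, op) pairs the compartment may touch."""
        count = 0
        for addr, word in self.words.items():
            for op in ("read", "write"):
                if word.tag == compartment or (compartment, addr, op) in self.grants:
                    count += 1
        return count


def build_machine():
    """Constructed layout: a parser compartment with a 16-word buffer, a crypto compartment holding a key."""
    words = {}
    for a in range(0x000, 0x010):
        words[a] = Word(0, "parser")      # parser's input buffer
    for a in range(0x010, 0x014):
        words[a] = Word(0x5A, "crypto")   # key material, directly after the buffer
    machine = TaggedMachine(words)
    # The only thing crossing the boundary: parser may write one mailbox word owned by crypto.
    machine.words[0x020] = Word(0, "crypto")
    machine.grants.add(("parser", 0x020, "write"))
    return machine


def buggy_copy(machine, payload):
    """Parser copies a payload into its buffer with no bounds check (the deliberate bug)."""
    written = 0
    for i, b in enumerate(payload):
        machine.store("parser", 0x000 + i, b)   # overruns into crypto's key once i >= 16
        written += 1
    return written


def run_scenario():
    """Drive the overrun and report what the tag policy stopped and how much privilege each side holds."""
    machine = build_machine()
    denied = None
    try:
        buggy_copy(machine, [1] * 20)           # 20 words into a 16-word buffer
    except PolicyViolation as e:
        denied = str(e)
    key_intact = all(machine.load("crypto", a) == 0x5A for a in range(0x010, 0x014))
    return {
        "denied": denied,
        "violations": len(machine.violations),
        "key_intact": key_intact,
        "parser_privilege": machine.privilege("parser"),
        "crypto_privilege": machine.privilege("crypto"),
        # Reference point: a monolithic program could touch every word both ways.
        "monolithic_privilege": 2 * len(machine.words),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The parser's 17th store hits a word tagged `crypto` with no grant, so the policy denies it and the key survives the overrun; the privilege counts show the compartmentalized parser holding well under half the accesses a monolithic program would, which is the kind of reduction the micro-privilege metrics mentioned above are meant to quantify.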
This research is supported by DARPA, specifically under the Compartmentalization and Privilege Management (CPM) program.
In conclusion, this research is not just addressing the cybersecurity challenges of today; it is laying the groundwork for a more secure digital future. By reducing excessive privileges and embracing innovative technologies, it ensures that our computers can be trusted in an increasingly perilous cyber landscape.