{"278861":{"#nid":"278861","#data":{"type":"news","title":"Georgia Tech Project Ensures \u0027What You See Is What You Send\u2019","body":[{"value":"\u003Cp\u003EImagine a user who intends to send $2 to a friend through PayPal. Embedded malware in the user\u2019s laptop, however, converts the $2 transaction into a $2,000 transfer to the account of the malware author instead.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EResearchers at Georgia Tech have created a prototype software, Gyrus, that takes extra steps to prevent malware from sending spam emails and instant messages, and blocking unauthorized commands such as money transfers.\u003C\/p\u003E\u003Cp\u003ECurrent protection programs might recognize the original user\u2019s intent to send email, transfer money or engage in other transactions but cannot verify the specifics such as email contents or amount of money. Without context, it is impossible to properly verify the user\u2019s full intent, regardless of whether the software is protecting a financial transfer, an industrial control system or a wide range of other user-driven applications.\u003C\/p\u003E\u003Cp\u003E\u201cGyrus is a transparent layer on top of the window of an application. The user experience with the application will be exactly the same as when Gyrus is not installed or activated. Of course, if Gyrus detects that user-intended data has tampered with, it will block the traffic and also notify the user,\u201d explained Wenke Lee, director of the Georgia Tech Information Security Center (GTISC). \u0026nbsp;\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u003Ca href=\u0022http:\/\/www.cc.gatech.edu\/~yjang37\/papers\/gyrus.pdf\u0022\u003EThe Georgia Tech research\u003C\/a\u003E is based on the observation that for most text-based applications, the user\u2019s intent will be displayed entirely on screen, as text, and the user will make modifications if what is on screen is not what he or she wants. Users help Gyrus do its job by establishing pre-defined rules that help the software determine whether commands\u2014authorized or not\u2014fit with established user intentions In the researchers\u2019 words, Gyrus implements a \u201cWhat You See Is What You Send\u201d (WYSIWYS) policy.\u003C\/p\u003E\u003Cp\u003E\u201cThe idea of defining correct behavior of an application by capturing user intent is not entirely new, but previous attempts in this space use an overly simplistic model of the user\u2019s behavior,\u201d said Yeongjin Jang, the Georgia Tech Ph.D. student who led the study.\u003C\/p\u003E\u003Cp\u003E\u201cFor example, they might infer a user\u2019s intent based on a single mouse click without capturing any associated context so the attackers can easily disguise attacks as a benign behavior,\u201d Jang added. \u201cInstead, Gyrus captures richer semantics including both user actions and text contents, along with applications semantics, to make the system send only user-intended network traffic. Gyrus indirectly but correctly determines user intent from the screen that is displayed to the user. \u201d\u003C\/p\u003E\u003Cp\u003EThere are two key components to Gyrus\u2019 approach. First, it captures the user\u2019s intent and interactions with an application. Second, it verifies that the resulting output can be mapped back to the user\u2019s intention. \u0026nbsp;As a result, the application ensures accurate transactions even in the presence of malware.\u003C\/p\u003E\u003Cp\u003EJang, along with Simon Chung, a postdoctoral researcher at Georgia Tech and Bryan Payne, a Georgia Tech Ph.D. graduate, presented the study in February during the \u003Ca href=\u0022http:\/\/www.internetsociety.org\/events\/ndss-symposium\u0022\u003E2014 Network and Distributed System Security Symposium (NDSS)\u003C\/a\u003E in San Diego, Calif. Their advisor is Wenke Lee, director of the Georgia Tech Information Security Center (GTISC).\u0026nbsp;\u0026nbsp;\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EResearchers at Georgia Tech have created a prototype software, Gyrus, that takes extra steps to prevent malware from sending spam emails and instant messages, and blocking unauthorized commands such as money transfers.\u0026nbsp;\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Prototype application takes extra steps to block malware from altering messages, transactions"}],"uid":"27897","created_gmt":"2014-02-25 12:33:19","changed_gmt":"2016-10-08 03:15:55","author":"Phillip Taylor","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2014-02-24T00:00:00-05:00","iso_date":"2014-02-24T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"groups":[{"id":"47223","name":"College of Computing"}],"categories":[{"id":"153","name":"Computer Science\/Information Technology and Security"}],"keywords":[{"id":"87511","name":"gyrus"},{"id":"2678","name":"information security"},{"id":"7772","name":"malware"},{"id":"114601","name":"Press Release"}],"core_research_areas":[{"id":"39501","name":"People and Technology"}],"news_room_topics":[{"id":"71881","name":"Science and Technology"}],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ESylvia Carson\u003Cbr \/\u003EResearch Communications Officer\u003Cbr \/\u003E(404) 385-2347\u003Cbr \/\u003E\u003Ca href=\u0022mailto:scarson@cc.gatech.edu\u0022\u003Escarson@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E","format":"limited_html"}],"email":["scarson@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}