From: Asian Scientist

By Editorials

In the era of smartphones and tablets, SMU Associate Professor Ding Xuhua predicts that the battle between data security experts and hackers will increasingly shift to mobile devices.

AsianScientist (Dec. 2, 2013) – By Shuzhen Sim – As human existence becomes inextricably intertwined with technology, important and intimate details of our lives are increasingly being captured and stored by computers. This trend has dramatically raised the stakes for hackers seeking to profit by illegally gaining access to valuable private data from individuals, governments and corporations.

Just how far can we trust our computers to keep our data safe from prying eyes? Most run-of-the-mill machines rely on security features built into their operating systems to fend off attackers. But these operating systems – the software on which the computer runs – tend to be unwieldy, complex beasts composed of millions of lines of code, and are often riddled with weaknesses that hackers all too easily exploit.

Associate Professor Ding Xuhua of the Singapore Management University (SMU) School of Information Systems thinks that a lot more can be done to arm ourselves against modern-day cyber-attacks, and envisions a redesign of the current system.

After his undergraduate studies in computer science, Professor Ding was drawn to the field of data security because of the puzzle-like challenges of building defence schemes. “I like solving puzzles, like in detective novels or suspense novels,” he says, explaining that data security involves much more of this sort of sleuth work than other branches of computer science.

Puzzles aside, however, a major challenge for developers of defence systems is to create solutions that can be applied to real-world problems. “If I come up with a theoretical solution that cannot be deployed, that may undermine its value,” says Professor Ding, whose vision is for an enhanced security system to eventually be used in all personal computers.

An ideal security system must not only be secure and efficient, he says, but also compatible with existing infrastructure and amenable to rolling out on a large scale. This also helps to make the system more palatable to users, who almost always see security as a troublesome cost that does not add tangibly to their profit margins.

Protecting a small safe box versus a large building

“If a building is big, it’s difficult for us to protect it because there will be more ways attackers can compromise it. But a small safe box is easier to protect,” explains Professor Ding. “My ambition is to develop much smaller software that will work beneath the operating system – its job is purely for security purposes.”

Professor Ding and his team are working towards this “security foothold” using a combination of tools from systems security, which aims to protect data storage infrastructure, and cryptography, which makes use of mathematical algorithms to protect the data itself.

Every day, many of us enter passwords into a variety of Internet sites to access functions as diverse as email, banking, social networking or online shopping. Unprotected computers, however, are often crawling with malicious software that could potentially capture and transmit private information.

A novel feature of Professor Ding’s security system is a scheme that will keep passwords invisible to the browser and the computer’s operating system, while still allowing the user to access the website. This prevents private information from being leaked to malware that may be lurking on a compromised computer.

The security system will also have the ability to isolate programmes containing sensitive information from the rest of the system. For instance, if you were editing a confidential document – your financial records, for example, or the world’s next great novel – the security system could build a fence around your word processor to prevent other applications from accessing the information.
