Hamed Okhravi charts a vision for a cybersecurity moonshot
An article written by a Lincoln Laboratory researcher was recently featured on the cover of the May/June 2021 issue of the Security & Privacy magazine, which is published by the Institute for Electrical and Electronics Engineers (IEEE). Hamed Okhravi, who is a senior staff member in the Secure Resilient Systems and Technology Group, wrote the article to highlight the Laboratory’s research and philosophy in solving security issues that have plagued computer systems for decades.
“The computer security community has seen the shortcomings of patchwork defenses applied to inherently insecure systems, so there is an appetite for new ‘moonshot-like’ visions in this area,” says Okhravi, who also serves on the editorial board for the magazine. “We have been working on our moonshot vision for several years now.”
The article, titled “A Cybersecurity Moonshot,” outlines what Okhravi and his team have identified as the three root causes of cybersecurity vulnerabilities in modern computer systems. These vulnerabilities are consequences of computer design choices made decades ago for early computer systems. The issues involve the use of unsafe programming languages, the lack of security checks being performed by the computer processor, and the structure of operating systems. By addressing these issues, a large percentage of cyberattacks could be prevented, Okhravi says.
“Multiple decades of research into defenses that are soon followed by novel attacks that bypass them have created an unending arms race,” Okhravi writes in the article. “Preventing 90 percent of vulnerabilities conveniently corresponds to an order-of-magnitude reduction, which is the goal called out in the 2019 Federal Cybersecurity Research and Development Strategic Plan as well.”
To address these issues, Okhravi and his team proposed developing secure-by-design systems that will prevent any of these vulnerabilities from being introduced into the system, through strict permissions and the use of safe programming languages. He refers to their work in this area as a moonshot to underscore that the proposed solution to the problem is radical, but it is worth pursuing to solve these issues. Okhravi chose to write about their work in the magazine after reaching multiple milestones related to their effort, and is hoping that the team can work with the wider computer security community to develop the necessary technologies to make their vision a reality.
“For such an overarching vision to be successful, it is not sufficient for one group or one laboratory to work on it alone,” Okhravi says. “I am hoping the article sparks new projects, or at least new ideas, to achieve a more foundationally secure computer system. I remember how reading similar articles back in graduate school shaped my way of thinking in cybersecurity, and I hope that this article has a similar impact.”
Okhravi and his team are currently working on developing a “practical and feature-rich” operating system that is secure by design, he said. They are also working with MIT campus researchers to develop proof-of-concept technologies. Recently, Okhravi received a 2020 Stratus Award, as well as an R&D 100 Award, for his work on a technology that protects commodity software from malicious cyberattacks.
“I feel honored that we were featured on the cover of the magazine,” Okhravi says. “The Laboratory has really been a pioneer in this field, and it’s a unique place that has the talent, resources, and audacity to pursue such game-changing research and development in solving real-world, hard problems.”