Three computer science professors were awarded a patent for their work, titled “System and method of generically detecting the presence of emulated environments.” The United States Department of Commerce honored the inventors, Richard Ford, William Allen and Gerald Marin, for their industrious pursuit in the field of computer security and software protection.
The patent addresses the problem of very high-end rootkits and malware, which can burrow deep under the operating system, creating an environment designed to hide the attacker’s presence. The newly patented method of defense focuses on subtle changes the malware makes to statistical properties of the system. Such changes can be used to determine if a particular program is running in a synthetic or otherwise virtual environment. Traditional approaches rely on detecting traces of the malware itself; the Florida Tech invention discloses an entirely new way of detecting such attacks.
As noted, some computer viruses depend on programs running in such environments. This allows the previously undetectable malware to take over the system and access its memory. The researchers’ method of detection also helps prevent software from being reverse-engineered.