Project aims to shine light on data as it travels the Internet
DARPA and the Air Force Research Lab give Georgia Tech $4.2 million to develop ways of tracking data, with an eye toward detecting APTs.
Military researchers have been delving into the idea of “transparent computing,” with a focus on making the inner workings of a network more visible, which in turn would make it easier to identify unusual activity such as a malicious attack. Now they’re taking that approach to the Internet as a whole, with a project intended to track data as it travels online in order to see if it was altered in transit.
The Defense Advanced Research Projects Agency and the Air Force Research Laboratory have awarded a $4.2 million contract to the Georgia Institute of Technology for the project, which they’re calling THEIA, after the Greek goddess of shining light. It essentially aims to apply secure supply-chain principles to online data.
When a network shakes hands, as it were, with incoming data, it doesn’t always know where that data has been. Antivirus and intrusion detection systems check against known exploits, but they won’t know, for instance, if data was modified by a malicious browser extension, Georgia Tech said in a release.
Information flow tracking generally applies to one layer, such as the program layer, a situation that advanced persistent threats, or APTs, can take advantage of, Georgia Tech said. THEIA will track data at three layers, starting with the user’s interaction with a program, through the program’s processing of data and storage, to the network’s interactions with the operating system.
“Our ultimate goal is to provide complete transparency, or full visibility, into host events and data so that APT activities cannot evade detection,” said Dr. Wenke Lee, primary investigator and professor in Georgia Tech’s College of Computing. “THEIA represents what could be a significant advance over state-of-the-art approaches, which typically are forced to make arbitrary trade-offs between verifying accuracy and maintaining total computational efficiency.”
It’s not surprising that DARPA and AFRL are going in together on THEIA, since each is also pursuing transparent computing approaches for network operations. AFRL at the end of June awarded a $7.1 million contract to the Massachusetts Institute of Technology for a transparent computing project to develop new ways of tagging and tracking network activity, specifically as a way to identify APTs.
And DARPA in December 2014 launched its Transparent Computing program, which likewise is out to catch APTs through greater visibility into networks.
With THEIA, researchers will try to take that approach to the Internet. “The project has wide implications for any industry and anyone who needs to send secure information, make sure it is not manipulated during transfer, and that it arrives securely intact,” Lee said. “If we have the ability to fully track how data is processed until it reaches the intended recipient, then we can better detect and stop advanced persistent threats.”