Photo by Evan Cantwell
When computer security analyst Anup Ghosh came to Mason in 2006, he didn’t just bring his expertise, he also brought his cutting-edge ideas and his new company.
In his work developing technologies to make computer systems more resistant to malicious attacks, Ghosh realized the potential of virtualization technology. This technology allows users to isolate the Internet from their workstations or enterprise-wide servers, thereby reducing the computer and company susceptibility.
Ghosh’s new business venture, Secure Command, LLC, was created to commercialize these innovations. The company has two products that were developed at Mason and are currently being tested: Internet Cleanroom Workstation and Internet Cleanroom Server. A third product is in development.
“Computer security is currently based on users making good decisions, but unfortunately we need to accept the reality that users do not always make the best security decisions,” says Ghosh, chief scientist at Mason’s Center for Secure Information Systems (CSIS). “With Internet Cleanroom, users can make poor decisions but not compromise the security of the computer or corporate networks and files.”
While many of today’s information security tools and practices focus on building better software and detection tools or filtering mechanisms such as firewalls, Internet Cleanroom creates a safe environment for running Internet-enabled software by isolating it from the host operating system.
It works by creating a virtual machine that provides a pristine guest operating system for the application that is launched. The virtual machine and its operating system exist only for the duration of the application session, providing an environment in which intrusions or compromises are compartmentalized. When the application terminates, the virtual machine is destroyed. This approach all but eliminates external threats from Internet-connected machines.
Testing on the alpha version of Internet Cleanroom Workstation has been completed, and testing on a beta program is under way with the U.S. Army and an electronic crime-tracking company. Ghosh is plannning to release a beta version of Internet Cleanroom Personal Edition Browser and Internet Cleanroom Professional Edition in March.
To fund his research, Ghosh applied for an award from the Small Business Technology Transfer Research (STTR) Program, a highly competitive program that reserves a specific percentage of federal research and development funding for small business and nonprofit research institution partners. Ghosh received a $99,000 STTR award and has used the funds to involve Mason researchers Yih Huang and Pramod Kalapa, and doctoral candidate Jiang Wang in the development of the Internet Cleanroom technologies. With the recent receipt of phase II of the STTR award, Ghosh hired Secure Command’s first full-time employee, senior software engineer Rod Haxton.
Ghosh has worked with the Mason Enterprise Center (MEC), a university-based economic development enterprise that focuses the energy, skills, and intellectual capital of Mason on enterprise creation and expansion. He is also working with George Mason Intellectual Properties Inc. (GMIP), a nonprofit corporation established by Mason’s Office of Technology Transfer to facilitate moving Mason intellectual property to the commercial sector.
With the help of John Casey, director of the Fairfax Small Business Development Center, Ghosh has been thinking of ways to bring the Internet Cleanroom to market (channel sales with resellers such as CDW-G or direct sales to computer manufacturers Dell, IBM, HP, and such) and a possible exit strategy (most likely acquisition by a larger company). Ghosh will also work with Casey and MEC to conduct a competitive analysis to determine the price point at which Secure Command’s products should be sold.
As an employee of Mason, with a company that is contracting research to the university, Ghosh has worked with the university to complete the required conflict of interest waiver. GMIP is handling the patent prosecution for Ghosh’s inventions and taking care of the licensing agreements with Secure Command.
“Mason does an incredible job of working with its employees to develop new technologies,” says Ghosh. “I am fortunate that an idea and company that were started before I came to Mason have been so well received and that the university has taken such an active role in assisting with this endeavor.”
Ghosh’s company won top honors last fall at the Tech 2007 Conference of the Council for Entrepreneurial Development when Internet Cleanroom was selected for the People’s Choice Award by conference attendees for best technology product.
Prior to joining the university, Ghosh was senior scientist and program manager in the Advanced Technology Office of the Defense Advanced Research Projects Agency (DARPA). During the past 16 years, he has worked for the government, in the private sector, and at universities, and has received many awards for his work, including the prestigious National Security Agency’s Frank Rowlett Trophy for Individual Achievement, a federal-wide award for contributions to the field of information assurance.