Monday, November 28, 2011
Cyberpoint
Just had a nice dinner with two engineers from Cyberpoint, a cybersecurity company located in Baltimore. One of them, Mike West, I've known since the two of us worked at ARINC nearly 20 years ago. Cyberpoint seems to be doing really interesting things, with a culture that values research, and I'm optimistic that MC2 will find ways to work with them that benefit all parties.
Monday, November 21, 2011
Tudor Dumitras of Symantec
Tudor Dumitras of Symantec's Research Lab in Herndon, VA (near Dulles airport) gave a talk on Friday morning about Symantec's WINE (Worldwide Intelligence Network Environment) dataset.
Slides for a longer version of the talk are available, but here's a brief synopsis.
WINE's data sets are collected primarily by Symantec’s anti-virus products installed on millions of hosts worldwide. Collected data contains malware samples, A/V and IPS results (i.e., which positive signatures have been discovered, what IP address they were from, what process they were targeting, etc.), spam samples, and binary and URL reputation data. The latter is gathered by tracking unknown binaries installed on a user's machine, or URLs visited, and then correlating those installs/visits with negative or positive behavior that ensues. They also gather URL data with a web crawler that looks for web sites engaged in attacks such as drive-by downloads (also accessible at safeweb.norton.com). They are in the process of adding data from Android Norton, too, and have included some open source data sets in the collection (e.g., the open source vulnerability database).
All of this data is available for periods of several years, enabling historical comparisons to be made.
Researchers access the data at Symantec's site in Herndon (or at another site in California) and set up experiment scripts aimed to be reproducible by running on virtual machines in tightly controlled environments. So far the data has been used for a variety of purposes, e.g., tracking the dissemination of Stuxnet and a variant of it, and for the development of a "cyber benchmark" (work in progress with Leyla Bilge), among other applications (which he didn't talk about).
If you are interested in this data set and potential collaborative research with Symantec Labs, please let me know. I think this is an interesting opportunity.
Saturday, November 19, 2011
Upcoming talks
The next Google seminar talk will be given on December 1 at 5:30pm by Douglas Maughan of DHS, titled "Current R&D Initiatives in Cybersecurity." Details here: http://goo.gl/sMxza.
Another talk that may be of interest will be given in Arlington also on December 1 from 1-2pm by Prof. Fred B. Schneider of Cornell as part of the Air Force Office of Scientific Research (AFOSR) 60th anniversary celebration. The title of the talk is not yet available, but I expect it will be about Fred's Blueprint for a Science of Cybersecurity. Registration for this talk is here http://events.SignUp4.com/AFOSRDecember-Schneider
Tuesday, November 15, 2011
DARPA Cyber Colloquium presentations
I just learned that DARPA's presentations from the Cyber Colloquium (which I blogged about earlier) are now available on-line. I'd definitely recommend Dan Kaufman's slides, the first one listed.
Sunday, November 13, 2011
GameSec 2011
Tomorrow is the start of the main sessions of GameSec 2011, organized by MC2 faculty John Baras and Jonathan Katz. The following is an announcement from John Baras, the General Chair.
Dear MC2 colleagues and graduate students,
I am very pleased to inform you that, thanks in part to support from MC2, you can attend the lectures in the upcoming GameSec 2011 Conference, November 13-14, at the Inn and Conference Center for free, even if you are not registered.
You will not be able to participate in the welcoming reception, lunches and banquet without a Conference registration. If you wish to attend the lectures for free, please go to the Conference registration desk and get a special badge, which will allow you to attend the lectures only.
Thanks and best regards,
John Baras
General Chair
Thursday, November 10, 2011
DARPA Cyber Colloquium
I attended DARPA's Cyber Colloquium on Monday, November 7, 2011. This is a trip report of the event.
Most of the 700 attendees came from academia, industry, and government. The goal was a "frank discussion" between the attendees and DARPA on solutions to the problem of cybersecurity.
WIRED has written about the event, as has the Register. These two articles focus on the opening address by Dr. Regina Dugan, the Director of DARPA. I was impressed by the talk. She regularly returned to a vexing dichotomy. The benefits of Internet-connected software are enormous. But these benefits are threatened by the increasing regularity and impact of cyberattacks. As examples, this Popular Science article catalogues some of the most costly data breaches in history, including very recent, and disturbing, events.
Richard Clarke was an invited speaker. I found one of his vignettes particularly interesting. During the Cold War, the Soviets targeted our civilian infrastructure, e.g., steel production, railroads, etc. The military protected that infrastructure from attack. Today, much of our critical infrastructure is open to cyberattack, and a successful attack could have similarly devastating consequences. Yet companies are left to protect themselves even though there is little incentive to do a good job. If a power plant hooks up its SCADA system to the network, it is vulnerable to attack (as the INL experiments showed). But if it does not, it will be less efficient in its operation, leading to lost revenue. Facing this tradeoff, companies choose the revenue over security, and put the country at risk.
Bruce Potter of Ponte Technologies was also a speaker, and he emphasized the need to go to the root of the problem: build better software. Rather than try to prevent access (think firewalls and antivirus companies' host-based security systems (HBSSs)) or make software defects harder to exploit (think ASLR or DEP), he suggests we go to the root of the problem: write better software. Ironically, HBSSs are so large now (10M LOC) that they regularly succumb to attack! I have worked on methods to build secure software, so Potter's plea resonated with me. But I've also come to understand that incentives and policy play an important role, e.g., to foster adoption. I think there is an opportunity for cross-disciplinary research here.
The afternoon was dedicated to current and future DARPA programs, explained by the PMs in charge. Dr. Dugan pointed out in her speech that DARPA is spending upwards of $208M on cybersecurity research in FY12, up $88M from FY11, and hopes to increase spending by 8-12% per year. Defense Systems' summary has some verbiage on these. Howie Shrobe, Tim Fraser, Kathleen Fisher, Drew Dean, and Dan Roelker all have, or will soon issue, programs aimed at producing highly reliable software. Dean's program was particularly interesting: turn verification problems into games, so that winning the game proves a property of software. Other programs contemplated means to detect and survive attack, inspired by the human immune system.
Welcome
I have been on the job for about two weeks as Director of Maryland's Cybersecurity Center (MC2). Eric Chapman has been the Associate Director since September. This is our blog for all things MC2.
We are writing this blog primarily to MC2 faculty and affiliates. Our goals are to keep you apprised of MC2-related activities, to report on events we attend when representing the Center, and to share some of our thoughts about the daunting problem of securing our computing infrastructure. We hope you will find these posts useful. We very much welcome your feedback and ideas.
We are currently revamping the MC2 web site and once that task is complete we will move this blog to be hosted at MC2. Until then, this space will be the main source for MC2 news.