MC2 Seminar: Improving System Security with Big Data Techniques and A Framework for Security Vulnerability Likelihood Estimation
Tudor A. Dumitras and Jeff Stuckman - Electrical and Computer Engineering, Maryland Cybersecurity Center and Computer Science
Friday, November 8, 2013, 11:45 am-1:00 pm

Abstract

Tudor Dumitras

Improving System Security with Big Data Techniques

Many security models have been proposed, including metrics for evaluating vulnerabilities and attack surfaces, attack graphs, models of adversaries and game-theoretical approaches for predicting the co-evolution of attacks and defenses in cyber security. However, practical experience suggests that these metrics exhibit a low level of correlation with vulnerabilities and attacks in the real world, and they do not adequately capture the capabilities of adversaries.

In this talk, I will present our research on using Big Data techniques for understanding how security fails in the field. For example, we showed that zero-day attacks, which exploit vulnerabilities before their public disclosure, go on undetected for 312 days (approximately 10 months) on average. The duration of zero-day attacks had remained an open question for more than a decade because these attacks are rare events that are unlikely to be observed in honeypots or in lab experiments. I will also present the WINE data analytics platform that has enabled these results. WINE allows researchers to conduct experiments at scale and includes security telemetry collected by Symantec on 11 million hosts worldwide and updated continuously. Finally, I will discuss our ongoing empirical research into various security problems, and the implications of this research for public policy and future security technologies.

I am also looking for new students. If you are interested in these research topics, please get in touch with me.

 

Jeff Stuckman

A Framework for Security Vulnerability Likelihood Estimation

Security vulnerabilities, or defects in programs that enable their security to be breached, frequently facilitate attacks against systems. Informal methodologies to gauge the security of a system have been proposed, and software product metrics have been used to score the likelihood that vulnerabilities are present. However, evaluating the validity of these assessments has proven difficult, as the concepts measured are often informal, confounding variables pervasively affect the study of metrics, and data for evaluation is often unavailable. In this talk, we present our efforts to build a framework for computing and validating software security vulnerability indicators. First, we demonstrate the BugBox framework, a structured corpus of web application security vulnerabilities which facilitates automated experiments. Next, we present a large-scale study of Java software product metrics, showing how metrics (such as security metrics) can be screened in a controlled environment to identify confounding factors which would impact their suitability for future study. Finally, we discuss our ongoing work in developing vulnerability indicators, with an emphasis on the challenges inherent in associating indicators of risk with the vulnerabilities which they facilitate.

Bio

Tudor Dumitras is an Assistant Professor in the Electrical & Computer Engineering Department at the University of Maryland, College Park. His research focuses on Big Data approaches to problems in system security and dependability. In his previous role at Symantec Research Labs he built the Worldwide Intelligence Network Environment (WINE) - a platform for experimenting with Big Data techniques. He received an Honorable Mention in the NSA competition for the Best Scientific Cybersecurity Paper of 2012. He also received the 2011 A. G. Jordan Award from the ECE Department at Carnegie Mellon University, the 2009 John Vlissides Award from ACM SIGPLAN, and the Best Paper Award at ASP-DAC'03. Tudor holds a Ph.D. degree from Carnegie Mellon University.

Jeffrey Stuckman is a PhD candidate at University of Maryland, College Park, working with Dr. James Purtilo. His research interests are in empirical software engineering, measurement, and security, with a focus on improving software security by analyzing corpora of known security vulnerabilities. He has contributed to BugBox, a repository and testbed for web application vulnerabilities, and has previously performed research in analyzing user behavior on publicly accessible wikis.

This talk is organized by Carolyn Flowers