Research Areas - Security Research in the Computer Science Department at Carnegie Mellon

CSD faculty: Manuel Blum, Greg Ganger (ECE), Peter Lee, Bruce Maggs, Roy Maxion, Adrian Perrig (ECE), Frank Pfenning, Mike Reiter, Steve Rudich, Tuomas Sandholm, Dan Siewiorek, Dawn Song (ECE), Kymie Tan, Jeannette Wing, Hui Zhang

Roughly speaking, computer security is concerned with protecting computers and networks from misuse and interference. Historically, computer attacks have been viewed to include actions by an attacker to manipulate the functional behavior of the system (attacks on “integrity”); to cause the disclosure of information to unintended parties (attacks on “confidentiality”); or to infringe on the system’s use for its intended purpose (attacks on “availability”). However, computer security is an evolving field that now encompasses types of misuse that do not neatly fall into these categories, such as email that is commercial and unsolicited (“spam”) or intended to trick a user into disclosing information that can be used for identity theft (“phishing”).

1 From CERT to CyLab

The prominence of computer security, at Carnegie Mellon and more broadly, has grown dramatically in the past twenty years, due in large part to several noteworthy events. First, the vulnerability of the Internet to computer software fiaws was demonstrated in 1988, when the first Internet “worm” infected thousands of Unix computers. Carnegie Mellon responded by creating the CERT Coordination Center (CERT/CC; see http://www.cert.org), a center of Internet security expertise and the first such response center in the world. Second, the emergence of electronic commerce in the mid-1990s spurred the second growth of attention to computer security in the modern era. During this time, Carnegie Mellon was instrumental in the development of several technologies to facilitate electronic commerce, such as electronic payment systems and rigorous approaches to analyzing security protocols that are used to exchange secret information over public networks like the Internet. Third, the attacks of September 11, 2001 in the United States, though not targeted at information technology, underlined the vulnerability of critical infrastructures of all sorts to determined adversaries. Within the U.S., this led to the creation of the Department of Homeland Security, which partnered with Carnegie Mellon’s CERT/CC to create the United States Computer Emergency Readiness Team (see http://www.us-cert.gov). Also to amplify its efforts in computer security, Carnegie Mellon created CyLab (see http://www.cylab.Carnegie Mellon.edu), a university-wide initiative to advance computer security research and education both at Carnegie Mellon and elsewhere, through industrial and international partnerships.

Members of the Computer Science Department at Carnegie Mellon University have played a central role in growing computer security research in response to these developments, and continue to do so today. Below we outline several example research areas in which Carnegie Mellon faculty have been infiuential.

2 Research Thrusts

Cryptography Modern cryptographic protocols have benefited from fundamental developments in computational complexity theory and cryptographic primitives, several of which were pioneered by department faculty (M. Blum, Perrig, Reiter, Rudich, Sandholm, Song). Among these are zero-knowledge, which formalizes the notion that a protocol discloses no information other than what it is intended to demonstrate, and pseudorandomness, including algorithmic techniques for producing values that are indistinguishable, in a precise sense, from random values. Today, these notions have found numerous applications in modern encryption and multiparty cryptographic protocols, themselves topics of research for several department members. Other infiuential work in the department includes a fundamental analysis showing that there is no general obfuscator for programs.

Formal Methods Modern security mechanisms are often complex and difficult to reason about informally, and so often are plagued by vulnerabilities that go unseen for years. Department members have made significant advances in the application of formal methods (e.g., model checking, theorem proving) to detecting vulnerabilities in security protocols, detecting vulnerabilities arising from compositions of systems and/or other vulnerabilities, and modeling and implementing rich access control mechanisms.

Software Security The majority of vulnerabilities that are exploited today in deployed systems are due to implementation vulnerabilities and, in particular, software errors. Department members have developed techniques to support the deployment of software that provides strong guarantees of its behavior, including the absence of certain types of security vulnerabilities.. One development in this vein is proof-carrying code, i.e., software for which the consumer can easily validate certain properties of the software, by virtue of the software producer including a machine-checkable proof of these properties. Other advances include approaches to integrate information flow guarantees into type systems for programming languages, to perform automatic source to source transformations to make software more resilient to exploit attacks, and to automatically harden program binaries against new exploit attacks.

Intrusion detection When defenses fail, it is important that successful intrusions be detected so that damage can be contained. Department members have made advances in intrusion detection from a variety of different vantage points (Ganger, Maxion, Reiter, Song, Tan, Zhang). For example, a method of detecting the successful corruption of a process is to monitor its system calls, i.e., the requests the process makes to the operating system on which it runs, to detect the deviation of the process from its prior system call profile. Department members have made significant strides in advancing this technique. Other forms of intrusion detection being advanced by department members and affiliated faculty include monitoring to detect similar, coincident changes to the patterns of file updates that are shared across multiple hosts (as might be caused by a propagating worm); monitoring the disk interface to detect compromise of the host operating system; and monitoring command-line user input for deviations from past behavior (as might be caused by a hijacked login session).

Network Security Data networks such as the Internet are often used to launch attacks against computers, anonymously and from a distance. Department faculty are exploring techniques to address these attacks . One effort, for example, is developing techniques to detect or filter various types of attack traffic. Another effort is exploring techniques to track the source of certain types of potent attacks, such as self-propagating worms.

Security and Mobile Computing A common theme that distinguishes pervasive computing from traditional computing is the use of mobile computing platforms and location information. These features introduce new security challenges and opportunities. Department members are working toward access control models that are suitable for protecting location information while permitting its use for providing location-aware services. Other work in this space includes addressing the threat of mobile device capture, and utilizing the mobility and features of modern mobile devices to aid in cryptographic key exchange and security protocols.

Security and User Interfaces The field of security is notorious for building user interfaces that are difficult to use correctly. In one of the early works in this area, for example, a research effort in the department demonstrated the inadequacy of the state-of-the-art user interface of a then-popular email encryption program. Today, department faculty are developing novel user interfaces by which (i) a user can convince a remote computer that it is interacting with a human and not another computer (a reverse Turing test); (ii) a human can more effectively authenticate to a computer; and (iii) a human can more accurately configure access controls.

3 Summary

These examples are a handful of what is today a vibrant and sizable research portfolio in computer security within CSD. The strength of this research program is being recognized in the community. For example, in 2004, two National Science Foundation centers in information security have been awarded to Carnegie Mellon, and the Computer Science Department has figured prominently in each. The first is a Cyber Trust center-scale activity entitled “Security Through Interaction Modeling” (STIM). The second is an NSF Science and Technology Center (STC) entitled “Team for Research in Ubiquitous Secure Technology” (TRUST).

Looking forward, computer security and related topics are likely to remain areas of focus for department faculty, at least partially due to the evident need for solutions. It is well-known that society’s reliance on information technology continues to amass at a quick pace. At the same time, fundamental advances are needed in all the areas listed above, and then some, in order to address the vulnerabilities in deployed and emerging information technologies. In the past, the Computer Science Department at Carnegie Mellon has responded to technical challenges of significant societal importance, and its growing attention to these present problems indicates that it is doing so again.