2002 — 2005 |
Reiter, Michael; Wang, Chenxi |
Activity code: N/A (no activity code was retrieved) |
Security and Privacy For Publish-Subscribe Systems @ Carnegie-Mellon University
Modern distributed applications have sparked a growth of interest in "publish-subscribe" technologies, where the flow of information is determined by interest on the part of the receiver rather than by explicit addressing. While its rich communication model and dynamic addressing show great potential as a platform for selective information dissemination, the security aspects of publish-subscribe are not well understood. This work proposes to research and develop a security architecture for publish-subscribe systems, particularly to minimize the degree to which the publish-subscribe infrastructure must be trusted. The proposed research will also address the impact of security on system scalability, a typical goal of pub-sub systems. In addition to the design of a security architecture, this research will include a foundational characterization of security goals for such systems and simulations of security architectures that result from this study.
|
0.939 |
2003 — 2011 |
Reiter, Michael; Morel, Benoit (co-PI); Wang, Chenxi; McHugh, John; Dietrich, Sven; Bauer, Ljudevit |
ITR: Defending Against Virus Propagation On the Internet @ Carnegie-Mellon University
Since the Morris worm hit the Internet, the evolution of viruses and worms has kept anti-virus analysts busy developing new scanning and detection capabilities. New viruses continue to outsmart current technologies and wreak havoc. It is clear that existing strategies do not suffice but rather only contribute to the ongoing arms race between virus writers and the anti-virus industry. This proposal addresses the question: "What is the next big break, the next revolution in anti-virus technology?"
The PIs propose a joint effort between CMU, Symantec and CERT to research global defense mechanisms and deployment strategies. Instead of approaching the problem from the perspective of individual nodes, this research will take on a network-wide point of view. In addition to the immediate impact, the problem presents research challenges that are extremely appealing to theorists and practitioners alike.
The preliminary study suggests an analogy between the principles of self-organized criticality and virus propagation: once the dynamic state of propagation crosses a critical level of distribution, the virus flourishes and attains eventual prevalence. This is in contrast to the traditional epidemic threshold, which is characterized using only the static birth and death rates of the virus. Understanding this critical level of distribution is an interesting problem, and it is likely to point to new methods to thwart the spread of computer viruses. Studying the analogy between mathematical models such as dynamic-state models and virus propagation is a central theme of this proposal. The PIs propose three major thrusts in this work.
1) Determine the topology underlying modern viruses and worms. It has been suggested that virus propagation obeys a power-law structure much like the physical Internet topology. However, there is no reason to believe that viral propagations would mirror the physical topology of the network. Rather, evidence suggests that they follow some sort of a social network, or a random network in the case of some worms. Our work will be the first to develop a definitive model of virus propagation topology using real attack data and user data.
2) Develop a new model that captures propagation behavior on the virtual topology. Specifically, the PIs are interested in modeling a) topology-aware propagation behavior, b) the effect of environmental factors, and c) the dynamics between infections (dissipation) and defenses (feedback force).
3) Use the mathematical models to develop and reason about network-centric defense strategies.
The PI team is part of the Center for Computer and Communications Security (C3S) at CMU. One of the center's goals is to promote security education. We are in the process of engineering a new degree program, the Master in Information Security. We expect this collaborative research effort to stimulate student interest and foster further research in information security. Symantec will be an industry partner throughout this effort. Specifically, they will supply us with their proprietary database containing an extensive dataset on virus incidents. In addition, two of the PIs hold joint appointments with CERT (part of the Software Engineering Institute, an FFRDC operated by CMU) and have access to a large and growing body of data associated with real virus episodes.
|
0.939 |
2004 — 2008 |
Wing, Jeannette (co-PI); Maggs, Bruce (co-PI); Reiter, Michael; Wang, Chenxi; Haritos Tsamitis, Dena (co-PI) |
Cybertrust Center: Security Through Interaction Modeling (STIM) @ Carnegie-Mellon University
Proposal Number: NSF-0433540
Title: Security Through Interaction Modeling (STIM)
PI: Michael Reiter
Computer misuse is often easier to recognize in particular instances than it is to specify in general, and is highly sensitive to experience and context. Nevertheless, few computer security technologies, if any, adequately utilize models of experience and context in defending against misuse. This research explores the thesis that many computer defenses can be dramatically improved, in both efficacy and usability, by modeling experience and context in a way that allows the models to become an integral element for defending the system. The interactions that can be modeled and potentially exploited are ubiquitous: they exist among persons (e.g., different user roles in access control), among computers and networks (e.g., what computers and networks typically correspond with what others), and even among attacks (e.g., what attacks realize the preconditions of others). Developing security technologies that better utilize such interactions forms the core of the research agenda in "security through interaction modeling" (STIM). This effort promises advances in diverse areas of security technology, such as attack traffic filtering, more usable authorization systems, and intrusion detection and response. A central goal of the STIM activity is education and outreach. Its efforts here include the construction of a security education portal and cybersecurity curricula for many education levels, ranging from children through college faculty.
|
0.939 |
2005 — 2006 |
O'Hallaron, David (co-PI); Ganger, Gregory; Ailamaki, Anastassia (co-PI); Wang, Chenxi; Cranor, Chuck |
CRI: A Cost-Effective, Large-Scale Storage Infrastructure For CMU Researchers @ Carnegie-Mellon University
Abstract
Proposal: CNS 0454279
PI: Gregory R. Ganger
Institution: Carnegie-Mellon University
Program: NSF 04-588 CISE Computing Research Infrastructure
Title: CRI: A Cost-Effective, Large-scale Storage Infrastructure for CMU Researchers
Investigators at Carnegie-Mellon University will build a prototype large-scale storage infrastructure from cost-effective components and explore computer science and applications research with this equipment. Researchers will acquire approximately 100 Terabytes of storage; it will be deeply instrumented to acquire information on workload, faults, administrative tasks, power and other parameters to support research on fault tolerance and self-management. Applications, including network intrusion research, design and testing of circuits, and nanotechnology, will provide realistic workloads and will in turn be supported to enable advances in these research areas. Broader impacts include the creation of cost-effective storage architectures to support data-intensive science and engineering applications.
|
0.939 |
2006 — 2010 |
Song, Dawn (co-PI); Zhang, Hui (co-PI); Wang, Chenxi; Andersen, David |
MRI: Development of a Shared Network Measurement Storage and Analysis Infrastructure @ Carnegie-Mellon University
This project, developing a shared network measurement analysis and storage infrastructure called the Datapository, aims at providing a common platform of data analysis and management tools. The instrument serves as a research platform for creating a larger-scale, publicly accessible measurement analysis and storage infrastructure. Collecting and analyzing data from real deployments, and running experiments driven by such data, is a critical challenge for the network community. This work aims at reducing the substantial administration time and costs associated with managing the large amounts of data needed by researchers by building a shared infrastructure from off-the-shelf components, and consequently facilitating the following research efforts:
- Creating Internet-scale forensic analysis architectures,
- Understanding and improving Internet routing,
- Designing and evaluating highly available network architectures,
- Evaluating novel data transfer architectures,
- Testing worm and intrusion detection algorithms on large network trace collections, and
- Enabling several educational outreach projects.
These efforts face a significant challenge of data management, organization, and analysis, requiring substantial hardware and software infrastructure to store and analyze terabytes of network measurement data. The Datapository includes database configuration and setup, schema optimization, data organization and classification, data distribution, hardware and operating system configuration, and the creation of code to perform basic filtering and processing of the data. The measurement and analysis infrastructure will serve as the base prototype for the development of a large-scale publicly accessible network data repository.
|
0.939 |