Networking and Security

Networking and Security group

New Service Checks Users' SSL Certificates

November 7, 2012
Networking Group researchers have made available a new service that provides near real-time reputation information on TLS/SSL certificates. The ICSI Certificate Notary improves the security of users' Internet activity by allowing clients to compare certificates they encounter while browsing the Web against a third-party database. Such checks help avoid man-in-the-middle attacks where an adversary assumes the identity of a well-known secure site (for example, a bank or email provider) by serving a malicious certificate.

Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

Wednesday, October 24, 2012

Vern Paxson of the Networking Group leads security research at ICSI. At our research review, he gave a talk titled "Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives," which described recent ICSI research on the socio-economic side of Internet security. Here is the talk abstract:

Security is at once a technical property of a system and a socio-economic property of the environment in which it operates. While the vast majority of security research and practice focuses on the first of these, a perspective limited to technical considerations misses an entire half of the problem space: the human element. This talk sketches some recent work exploring security issues from a socio-economic perspective, which highlights both interesting new problems to tackle and the power that such approaches can potentially provide to defenders.

Jiao Zhang, Visitor from China, Joins Networking Group

Monday, October 22, 2012

Jiao Zhang is visiting ICSI's Networking Group, where she works with group leader Scott Shenker on caching management in information-centric networks. She received her bachelor's degree from the Beijing University of Posts and Telecommunications in 2008, and she is now a graduate student at Tsinghua University in Beijing, China. 

Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives

This project investigates the roles played by economics and social interactions in Internet security. Security research has tended to focus on the technologies that enable and defend against attacks. This project emphasizes the human element of cybercrime, including the profits that motivate the majority of Internet attacks, the elaborate marketplaces that support them, and the relationships among cybercriminals, who rely upon each other for services and expertise. It will also study how social media such as Facebook and Twitter provide new opportunities for attacks and manipulation.

Censorship Counterstrike via Measurement, Filtering, Evasion, and Protocol Enhancement

This project studies Internet censorship as practiced by some of today's nation-states. The effort emphasizes analyzing the technical measures used by censors and the extent to which their operations inflict collateral damage (unintended blocking or blocking of activity wholly outside the censoring nation). Researchers also study the vulnerabilities that arise from how censorship operates, analyzing flaws either in how the censorship monitoring detects the particular network traffic to suppress or in how the monitor then attempts to block or disrupt the target traffic.

NSF Awards $10 Million Grant to ICSI and Collaborators to Study Human Element of Cybercrime

September 25, 2012
ICSI, the University of California, San Diego, and George Mason University have received a $10 million, five-year grant from the National Science Foundation to investigate the roles played by economics and social interactions in Internet security. While security research has tended to focus on the technologies that enable and defend against attacks, the new project emphasizes the profits that motivate the majority of Internet attacks, the elaborate marketplaces that support them, and the relationships among cybercriminals, who rely upon each other for services and expertise.

Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures

Researchers are developing a comprehensive approach to introducing parallelism across all stages of the complex deep packet inspection (DPI) pipeline. DPI is a crucial tool for protecting networks from emerging and sophisticated attacks. However, it is becoming increasingly difficult to implement DPI effectively due to the rising need for more complex analysis, combined with the relentless growth in the volume of network traffic that these systems must inspect.

The Design and Implementation of a Consolidated MiddleBox Architecture

Researchers are designing infrastructures for specialized network appliances, called middleboxes, that consolidate their management, reducing the cost of deploying new middleboxes and simplifying network management. Middleboxes fill a number of needs and include network intrusion detection systems and WAN optimizers. They are typically added to a network as a need arises, and each has its own management interface. In this project, researchers will explore architectures that provide centralized control.

Enhancing Bro for Operational Network Security Monitoring in Scientific Environments

In collaboration with the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign, researchers are improving the Bro Intrusion Detection System, an open-source network monitoring framework that helps defend networks against attacks. The system monitors networks at major universities, large research labs, supercomputing centers, and open-science communities around the country. Many of these networks have tens of thousands of systems each, and some have as many as 100,000. In this project, researchers are working to unify and modernize the Bro code base, to improve its performance capabilities to deal with large-scale networks, and to improve its integration into operational deployments.

The Bro Exchange

Wednesday, August 15, 2012
Bernhard Amann presenting at Bro Exchange 2012

Earlier this month, ICSI's Bro team held the first "Bro Exchange," a meeting aimed at bringing together a large number of Bro users to exchange thoughts and experiences deploying the system. Bro is an open-source network security monitor developed by a team of researchers and engineers at ICSI and NCSA. About 50 Bro users from industry, research labs, and universities attended the event, which was hosted by the National Center for Atmospheric Research in Boulder, Colorado.
