| |
CCIED: Collaborative Center for Internet Epidemiology and Defenses
This NSF-funded center is a joint effort with researchers at UC San Diego focused on
the growing problem of large-scale subversion of Internet systems. The
purview of CCIED is to: (1) analyze this threat, spanning the range from
theoretical models to empirical assessments to potential innovations that
threaten to develop; (2) devise defenses, both point-wise (for single
systems or sites) and more globally; and (3) investigate the surrounding
legal and policy issues that in practice affect and constrain approaches
for countering the threat.
Understanding and Taming the Privacy Footprint
Typical Web pages may contain numerous third-party components, ranging from advertisement networks to analytics tools to third-party APIs necessary for page function. All of these components may leak information to third parties about the users' current activity. We are attempting to quantify this information leakage through a policy written in the Bro IDS. Preliminary analysis paints a bleak picture, as more than 1 percent of all HTTP requests observed by ICSI users are deliberately leaking information just through Google Analytics alone. We are also attempting to develop Web browser extensions that can preserve API functionality while removing information leakages.
Investigating the Underground Economy
One of the most disturbing recent
shifts in Internet attacks has been the change from attackers motivated
by glory or vanity to attackers motivated by commercial (criminal) gain.
This shift threatens to greatly accelerate the "arms race" between defenders
developing effective counters to attacks and highly motivated, well funded
attackers finding new ways to circumvent these innovations. In this project
we explore these marketplaces in an attempt to characterize their
constituencies, impact, and sundry elements, with the ultimate goal of
employing such analysis to shed light on bottlenecks/weak spots present
in the underground economy that can then be targeted to provide maximal
benefit for defenders.
Detecting and Preventing Network Attacks
We conduct extensive research
on technology for analyzing network traffic streams to detect attacks,
either in "real time" as they occur, or in support of post facto forensic
exploration. The particular context for much of this research is the
open-source "Bro" network intrusion detection system authored by ICSI
staff. Bro runs 24x7 operationally at a number of institutes, and we have
particularly close ties with the Lawrence Berkeley National Laboratory,
where Bro deployments have formed an integral part of the Institute's
cybersecurity operations for more than a decade.
Future Internet Architecture
Along with research groups around the world, we are exploring fundamental questions about Internet architecture. In particular, we are, "If we were to redesign the Internet, what would it look like?" This effort involves looking at all aspects of the Internet architecture, including addressing, intradomain routing, interdomain routing, naming, name resolution, network API, monitoring, and troubleshooting. Moreover, the effort involves both in-depth investigations of these isolated topics, and a synthesis of these aspects into a coherent and comprehensive future Internet architecture.
Open Software-Defined Networks
Today's routers and switches are both complicated and closed. The forwarding path on these boxes involve sophisticated ASICs, and the large base of installed software is typically closed and proprietary. Thus, functionality can only evolve on hardware design timescales, and only through the actions of the vendors. At ICSI, in collaboration with our colleagues at Stanford University, we are pursuing a radically different approach which we call Open Software-Defined Networks. In OSDN, the forwarding hardware is extremely simple, but has an interface that allows it to be controlled by software. In turn, the software is open-source and designed to manage the network as a whole, not just each individual box. This results in lower capital and operational costs and more sophisticated management functionality. At ICSI, we are exploring how to use this approach to manage home networks, enterprise networks, datacenter networks, and wide-area networks.
User-Centric Networking
In collaboration with Case Western Reserve University, we are investigating foundation architectural constructs that bring users into networked systems in a way that has to this point not been possible. Rather than relegating users to an artifact of the application layer, we seek to accommodate users and their relationships at all layers of the system and to give users new controls over how their traffic is handled by the system. More >>
More about the Networking Research Group
>>
top |
|
|
