SCRUB ISTC: Secure Computing Research for Users’ Benefit
TRUST Autumn 2011 Conference
Anthony D. Joseph, UC Berkeley

Insecurity is a tax on computing
• Our lives, and our data, and our money, are increasingly flowing through our computers, our phones, …
• However, technology isn’t always secure.
• 65% of Internet users have personally experienced cybercrime
• Companies are concerned: 91% expressed concern over exploits like those that hit Google
• 760 companies compromised through SecurID info theft
• Security concerns slow adoption of technology

Malware-tolerant computing
• Malware is a fact of life
• We cannot banish it. We must live with it
• We need technology for establishing security amidst a sea of malware
Don’t want security problems to slow adoption of technology

Security touches many fields
[Diagram labels: Machine learning, Algorithms, Usability, Security, Systems, Networking, Architecture]

New initiative: Security ISTC
• SCRUB is a new Berkeley center focusing on security for users’ benefit
• Improve security for future technologies, at every layer of the stack
• One of four Intel Science and Technology Centers
• Model: industry funding (Intel) + collaboration
• 4 Intel researchers in residence on 7th floor Soda
• $2.5M/year in funding: 3 years + 2 year renewal option
• UCB PI: David Wagner. Intel PI: John Manferdelli.
• Associate Director: Anthony D. Joseph
• Headquartered at Berkeley ($1.8M/yr) + CMU, Drexel, Duke, UIUC ($0.7M/yr)

SCRUB Research Agenda
• Thin intermediation layer
• Mobile security
• Security analytics
• Data-centric security
• Security-centric networking
[Diagram captions:]
• Make 3rd party apps safe. Enable one phone for both work and personal use
• Establish secure computing environment via thin intermediation layer.
• Help administrators manage, monitor, and protect their networks, information, & services.
• Integrate security into network and system architecture

Secure mobile phones
• How do we make 3rd party apps safe?
• How do we enable a rich, thriving marketplace?

Example research challenges
• Robust, secure app stores
  • Can we provide libraries/tools to developers to make it easier to get security right than to get it wrong?
• Understanding app behavior
  • Can we automate parts of the app review process?
• Secure phone platforms
  • Can we improve the permission system? Ideally, it would be usable yet still give users enough control
• The multi-use, multi-context device
  • Can we make the phone safe for personal use, without endangering corporate data or functionality?
  • Can we avoid carrying two phones, one for work and one for yourself, without losing security or privacy?

Mobile Desktop?
• Longer term, are app-centric mobile platforms a more effective model for securing the desktop?

Securing the desktop: Thin intermediation layer
[Diagram labels: Email, Web browser, Banking app, OS, Thin client, Intermediation layer, Hardware]

Data-centric security
• Data increasingly resides not only on end-user devices, but also on servers, cloud, …
• Can we provide consistent protection for user data as it flows through a complex distributed system, no matter where it is stored?

Data-centric security
• Proposal: Data-centric security.
• Attach security policies to data, and ensure they stay bound together
• Example: Data capsules, unsealable only within a secure execution environment
  • e.g., secured with a TPM, information flow tracking, …
• Goal: A platform for secure computation, with privacy for user data

Network security
• How can the network architecture facilitate security?
• What primitives should it provide to applications?

Network security
Monitoring network traffic…
• … at scale
• … with a view into application-level semantics
• Potential: Enable more sophisticated, semantic-aware analysis of network traffic, to detect and block attacks

Security analytics
• Goal: robust security metrics and analytics
• Developing tools combining machine learning and program analysis to automatically extract features and build models
• Improving users’ experiences by translating the reasoning behind security decisions into human understandable concepts
• Designing robust algorithms and finding lower-bounds for techniques defending against adversarial manipulation

Adversarial Machine Learning
• In real life, adversaries are Byzantine
• In real life, adversaries are patient
• They adapt behavior
• Example goals:
  • Avoid detection of attacks
  • Cause benign input to be classified as attacks
  • Launch a focused attack
  • Search a classifier to find blind-spots

Security analytics
[Diagram labels: Security Analytics and Metrics, Decision Model, Biometrics Collectors, Adversarial Machine Learning, Text Analysis, Metrics, Alerts, Log Analysis, Code Analysis, Decision Analysis]

SCRUB Goals
• We want to focus on security for all areas where users come in contact with technology
• Enabling secure computing on malware-infected computers
• Identifying primitives that hardware, networks, OSs, … should provide, to best support security
• Developing a better security paradigm for desktop computers of the future
• Designing adversarial resistant algorithms for measuring a system’s security
• Helping users feel comfortable and safe with computing and e-commerce

SCRUB
Sylvia Ratnasamy, Rachel Greenstadt, David Culler, Anthony Joseph, Vern Paxson, Landon Cox, Scott Shenker, Dawn Song, Doug Tygar, David Wagner, Sam King, Adrian Perrig, Ling Huang, John Manferdelli, Petros Maniatis, Vyas Sekar

Thrust areas
• Secure mobile devices
• Data-centric security
• Secure thin intermediation layer
• Security analytics
• Security-centric network architectures