Enclave and Network Security
Security becomes more complex when participating entities are physically separated from the current location; knowing who and what is communicating from a remote location complicates security decisions. Research in this area includes wireless computing, communication protocol design and verification, agent computation, quality-of-service protection, firewall design and testing, SCADA security, dynamic and protective routing, security for grid computing, and sensor net security.
Vulnerability Analysis and Threat Assessment/Avoidance
Existing vulnerabilities are a serious threat to computer systems and organizations. Security research is needed to identify vulnerabilities in systems, evaluate the threat they pose, and devise mechanisms that avoid them. Formal definitions of vulnerability, quantitative models of threat, and experimental studies are needed to discover and evaluate solutions for threats to life and economy. This work will produce algorithms, experimental observations, and infrastructure that handle both expected and unexpected attacks in an adaptable and graceful manner, and it will lead towards guidelines for building secure systems and databases. The research builds upon results in failure identification, fault tolerance, and reliability and safety. One avenue is to reduce exploitable exposure by keeping an attacker uncertain about which versions of databases, software, and routing information are currently in operation. The research will contribute to fundamental principles and policies for homeland security in information systems, with applications in nuclear waste shipping, e-commerce, and disaster management. It will also examine vulnerabilities in a variety of institutions, such as schools, government agencies, airspace and airports, and industrial plants, to build a better understanding of them. We will contribute to the outreach program of the CERIAS security center at Purdue by preparing educational material and organizing workshops.
Development of a Safe, Virtual Imaging Instrument for Logically Destructive Experiments (ReAssure)
This proposal develops a networked system for safe and rapid analysis of network security and vulnerabilities with respect to worms, viruses, and other malicious activity. It creates a reconfigurable facility, named ReAssure, for efficient, reproducible, controlled, and safely contained experiments in computer science and technology, with emphasis on information assurance and security. The new instrument integrates functionality so that potentially dangerous experimental networking and virtual machine software can be manipulated, tested, and developed with high levels of safety and efficiency, while providing computational power to remote users. By advancing the study of virtual machine technology, the activity offers settings where potentially dangerous experimentation with networking and VM technologies can be performed safely. As a testbed networking facility, the infrastructure supports projects that require “self-contained” computing environments in computer science (including security), computer technology, forensics, and information warfare.
A Survivable Information Infrastructure for National Civilian BioDefense
This project focuses on the theoretical foundation and the protocols that facilitate a survivable information infrastructure that meets the critical requirements of a national emergency response system. Specifically, the project will address the following challenges: (1) expand the existing theoretical framework to analyze the behavior of malicious and colluding participants; (2) design and construct a scalable survivable messaging system that operates correctly under a strong adversarial model that includes insider threat and denial of service attacks; (3) design and construct information access protocols that protect against compromised database servers providing incorrect data or servers that deny access to legitimate users; and (4) prevent malicious users from learning unauthorized information. The domain of application for this work is the Clinicians’ Biodefense Network (CBN), a nationwide Internet-based information exchange system designed to provide clinicians with critical information in the aftermath of a bioterrorist attack. The CBN is designed to mitigate benign Internet faults and to resist a physical attack on one location. However, it is not able to correctly operate under a stronger threat model that includes insider attacks. Solutions for this stronger threat model are not currently available and present a major research challenge. This project will construct a prototype survivable system based on the CBN, and from it draw general principles. It will develop a solid theoretical foundation and novel system tools to facilitate building national emergency networks that are resilient against cyber-attacks in crisis situations, when those networks are most urgently needed.
Scalable, Robust and Secure Group-Oriented Services for Wireless Mesh Networks
Wireless mesh networks are emerging as a promising robust low-cost network architecture able to provide increased coverage and larger bandwidth, resulting in higher quality of service and information availability. Many distributed applications provided on wireless mesh networks enable collaborations and sharing of information. Such applications benefit from scalable, robust and secure group services such as one-to-many or many-to-many multicast and distributed data access. Group services, in turn, require support from infrastructure protocols such as routing, or security mechanisms such as authentication, access control and key management.
The goal of this project is to advance the state of the art in group-oriented services for wireless mesh networks. The project presents new formulations of distributed problems that capture the particularities of wireless mesh networks and the interactions between security, availability, and scalability. It also studies the viability and limitations of cross-layer design as a new paradigm for building secure network services. Expected results include scalable one-to-many and many-to-many wireless multicast protocols that support efficient group communication; scalable data-sharing algorithms that are robust to malicious behavior; high-throughput, robust, and secure routing that helps applications achieve high performance; and scalable key management protocols and authentication mechanisms that enable decentralized infrastructure access services. The project also contributes to the education of the next generation of secure systems designers by generating interactions between the distributed systems, security, and wireless networking research areas.
Testing and Benchmarking Methodologies for Future Networking Security Mechanisms
Networks and computer systems are becoming increasingly attractive targets for large-scale programmed attacks such as worms and Distributed Denial of Service (DDoS) attacks, which can compromise a vast number of vulnerable targets in a few minutes. Critical end-user applications vulnerable to such attacks include e-commerce, e-medicine, command-and-control applications, video surveillance and tracking, and many others. While there is a growing body of research techniques, prototypes, and commercial products that purport to protect these applications and the network infrastructure on which they rely, there is little existing scientific methodology by which to objectively evaluate the merits of such claims. Moreover, a defense system for worms or for attacks on the infrastructure cannot be tested thoroughly on a live network without affecting its operation.
To make rapid advancements in defending against these and future attacks, the state of the art in the evaluation of network security mechanisms must be improved. This will require the emergence of large-scale security testbeds coupled with new standards for testing and benchmarking that can make these testbeds truly useful. Current shortcomings and impediments to evaluating network security mechanisms include lack of scientific rigor; lack of relevant and representative network data; inadequate models of defense mechanisms; and inadequate models of both the network and the transmitted data (benign and attack traffic). The latter is challenging because of the complexity of interactions among traffic, topology and protocols.
The researchers propose to develop thorough, realistic, and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of testbeds, including simulators such as NS, emulation facilities such as Emulab, and both small and large hardware testbeds. They will include attack scenarios; attack simulators; generators for topology and background traffic; data sets derived from live traffic; and tools to monitor and summarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.
In addition to developing testing frameworks, the researchers propose to validate them by conducting tests on representative network defense mechanisms. Defense mechanisms of interest include network-based Intrusion Detection Systems (IDS); automated attack traceback mechanisms; traffic rate-limiting to control DDoS attacks; and mechanisms to detect large-scale worm attacks. Conducting these tests will require incorporating real defense mechanisms into a testbed and applying and evaluating the frameworks and methodologies. It will also help ensure that the testbed framework allows other researchers to easily integrate and test network defense mechanisms of their own.
The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.
Protecting TCP Congestion Control: Tools for Design, Analysis, and Emulation
The increasing volume of non-conforming and malicious traffic flows poses a serious challenge to the stability of the Internet. Such flows can significantly throttle the data rates sustainable by TCP flows and affect the millions of users who rely on the Internet for their daily business. Three types of misbehaving flows, unresponsive TCP sessions, low-rate TCP-targeted attacks, and randomly scanning TCP worms, are easy to launch and enormously damaging.
This research takes an ambitious step in systematically developing: (i) dynamic router-based quarantine schemes to penalize unresponsive TCP flows; (ii) defense strategies for low-rate TCP-targeted attacks; (iii) router-based designs to effectively control indiscriminate TCP worms; and (iv) tools and methodologies for the evaluation of the proposed schemes, specifically using the DETER/Emulab emulation platform. The research will enable in-depth characterization of the misbehaving flows and the design of effective solutions for minimizing the vulnerability of the Internet to such flows.
This work will have an enormous practical impact, will foster new research directions towards a trustworthy Internet, will accelerate security research by streamlining the experimental process, and will train security students in both theory and hands-on experimentation.
A Testbed for Research and Development of Secure IP Multimedia Communication Services
This collaborative project develops a testbed that enables research on understanding and analyzing vulnerabilities of Voice over IP (VoIP). It investigates issues related to Quality of Service (QoS) in VoIP, taking into account possible attacks, identity management, spamming, Denial of Service (DoS) attacks, 911 emergency management, and high availability. Research results will be translated into engineering guidelines for preventing security breaches during development and deployment of VoIP networks. The VoIP infrastructure can, in turn, be reused for other multimedia services such as video and instant messaging. Since VoIP is expected to reach critical mass during the next five years, many federal agencies are already putting migration strategies in place. Because VoIP will have to interoperate with the conventional Public Switched Telephone Network (PSTN), this work anticipates the discovery of security holes and vulnerabilities during deployment and usage. Vulnerabilities therefore need to be investigated proactively, and algorithms and techniques need to be developed to secure VoIP from threats due to interoperability problems, lack of standards, and attacks by hackers, script kiddies, spammers, corporate espionage, and terrorism. This multi-university project limits its scope to spam prevention, defense against DoS, securing 911 emergency services, and studying the interplay of security and QoS.
Broader Impact: With 4 universities, this collaborative project studies security threats and solutions proactively and disseminates the results to commercial and government organizations. The research results should advance the research frontier in the area of security for next generation networks and create practical applications to implementation in VoIP networks. Results, translated into engineering guidelines, should impact developers. The experiments benefit from the geographically distributed sites while the test plan stimulates collaboration between faculty and students. Workshops have been held with participation from the Department of Homeland Security, Department of Defense, FBI, NSA, NIST, FCC, industry consortiums such as International Packet Communications Consortium (IPCC) and SIP.EDU in Internet2, VoPSF, VoIPSA, telecommunication service providers, vendors, and universities. This multi-university infrastructure provides an excellent opportunity for students to experience a real-life telecommunication network. This reconfigurable testbed may be integrated into many courses enabling new research and education in VoIP.
Self-Managing Distributed Virtual Environments
This collaborative SGER proposal investigates management and autonomic operational issues in running distributed virtual private environments. The proposal calls this environment a “VP-Grid”; organic in function, a VP-Grid acts as an overlay on top of existing grid resources and dynamically adjusts at run-time in response to resource and network conditions in emulating a virtual grid environment. The SGER proposal introduces management mechanisms to support functions associated with creation and operation of a VP-Grid. This “self-management” environment will then be evaluated using an emulation program for dynamic worm infection.
Specifically, the research tasks are outlined to include: explore application-specific administration policy specification and enforcement through instantiation of self-management agents within the virtual VP-Grid and outside (i.e. on the underlying Grid resources); investigate effectiveness of orchestration methods (scaling, re-location and topology adjustment) by application-driven conditions and demands; and perform a system emulation based on a real Internet worm code.
H-Media - the Holistic-Multistream Environment for Distributed Immersive Applications
3D tele-immersive collaborative environments are becoming a reality. The emerging tele-immersive (TI) technology enables collaborative interactions and a plethora of new applications among geographically distributed sites. TI technology allows creation of a cyber TI room, where geographically separated users can jointly perform physical activities such as dance or exercise. This project is working to take this vision further and allow users to participate in simultaneous TI sessions and to cyber-walk between TI rooms. To achieve the TI rooms vision, the underlying cyber-physical infrastructure must treat (a) streams of 3D data as first-class objects in its design and deployment, and (b) provide holistic end-to-end management of the multi-stream environment of each TI room. Hence, the project is developing a Holistic Multi-stream Environment for Distributed Immersive Applications (H-MEDIA). The team will investigate (a) system architectures with correlated multi-streaming; (b) real-time virtualization of resources for resource isolation between individual TI rooms and switching (cyber-walk) between rooms; (c) end-to-end configurable, robust, and fault-tolerant virtual networks for different rooms; and (d) adaptive configuration and system management that will yield customizable, stable, adaptable, available, and robust individual TI rooms. H-MEDIA research will have impact on communities in computer science and also on medical, social science, and other domains. The H-MEDIA project will also result in educational benefits, such as involving graduate students in research on very novel TI technologies, inclusion of undergraduate students, and impact on education in other disciplines, such as new ways of teaching choreography in TI environments, as well as many others.
Enabling Detection of Elusive Malware by Going Out of the Box with Semantically Reconstructed View
There is an alarming trend that elusive malware is armed with techniques that detect, evade, and subvert the malware detection facilities of the victim. On the defensive side, a fundamental limitation of traditional host-based anti-malware systems is that they run inside the very hosts they are protecting, making them vulnerable to malware’s counter-detection and subversion. To address this limitation, solutions using virtual machine (VM) technologies advocate placing the malware detection facility outside the protected VM. However, a dilemma exists between these two approaches: the “out of the box” approach gains tamper resistance at the cost of losing the native, semantic view of the host that the “in the box” approach enjoys. To resolve this dilemma, a new approach called OBSERV (“Out of the Box with SEmantically Reconstructed View”) is introduced to achieve the advantages of both camps by reconstructing the semantic internal view of a VM from external, low-level observations. OBSERV enables two malware defense opportunities: (1) malware detection by view comparison, in which the reconstructed external view is checked against the view reported from inside the VM, and (2) real-time detection and stoppage of kernel-level rootkits. The broader impact of this research is two-fold: (1) it will enhance the trustworthiness and effectiveness of widely deployed anti-malware systems; moreover, OBSERV is expected to be viewed favorably by the anti-virus software industry because it supports existing off-the-shelf anti-virus software. (2) Results from this research will lead to educational materials for undergraduate and graduate courses and for professional training sessions.
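Detection by view comparison, as described above, can be illustrated with a small simulation. The following Python is an added example and is not OBSERV’s code: the guest memory snapshot, the 24-byte task record layout (pid, name, next pointer), the list head address, the process names, and the rootkit behaviour are all constructed here for the example. It goes one step beyond the paragraph by adding a second, pointer-independent reconstruction (carving records out of memory) to show why a rootkit that unlinks its record from the kernel’s list is still caught when the external side cross-checks more than one low-level source.

```python
"""Cross-view detection of hidden processes (added example, not OBSERV code).

Guest memory is a bytearray holding a circular linked list of task records;
the record layout, the addresses and the process names are all constructed
for this example.  Real introspection tools derive the layout from the guest
kernel's debug symbols instead of assuming one.
"""
import struct

# Hypothetical task record: 4-byte pid, 16-byte NUL-padded name, 4-byte
# address of the next record.  24 bytes, little-endian.
TASK_FMT = "<I16sI"
TASK_SIZE = struct.calcsize(TASK_FMT)
LIST_HEAD = 0x1000

# Constructed sample process table; "rk_backdoor" stands in for a rootkit's
# own process that it wants to hide from in-guest tools.
SAMPLE_PROCS = [(1, "init"), (312, "sshd"), (977, "rk_backdoor"), (1020, "bash")]


def build_guest_memory(procs, base=LIST_HEAD):
    """Lay the records out as a circular list and return the 'memory snapshot'."""
    mem = bytearray(base + TASK_SIZE * len(procs))
    for i, (pid, name) in enumerate(procs):
        nxt = base + TASK_SIZE * ((i + 1) % len(procs))
        struct.pack_into(TASK_FMT, mem, base + TASK_SIZE * i,
                         pid, name.encode().ljust(16, b"\0"), nxt)
    return mem


def walk_task_list(mem, head=LIST_HEAD, max_tasks=1024):
    """Out-of-the-box semantic reconstruction: interpret raw guest bytes as
    task records by following the next pointers.  The visited set and the
    bound stop a corrupted or deliberately looped list from spinning forever."""
    procs, seen, addr = {}, set(), head
    while addr not in seen and len(seen) < max_tasks:
        if addr + TASK_SIZE > len(mem):
            raise ValueError(f"task pointer 0x{addr:x} points outside guest memory")
        seen.add(addr)
        pid, raw_name, addr = struct.unpack_from(TASK_FMT, mem, addr)
        procs[pid] = raw_name.rstrip(b"\0").decode()
    return procs


def carve_task_records(mem, base=LIST_HEAD):
    """Second, pointer-independent reconstruction: scan memory for bytes that
    look like a valid record.  A DKOM-style rootkit that unlinks its record
    from the list leaves the record itself in memory, so this view still sees
    it.  Scanning at record stride is a simplification; a real carver tests
    every alignment the kernel allocator could produce."""
    found = {}
    for addr in range(base, len(mem) - TASK_SIZE + 1, TASK_SIZE):
        pid, raw_name, nxt = struct.unpack_from(TASK_FMT, mem, addr)
        name = raw_name.rstrip(b"\0")
        plausible = (0 < pid < 65536 and name and all(32 <= b < 127 for b in name)
                     and base <= nxt < len(mem))
        if plausible:
            found[pid] = name.decode()
    return found


def in_guest_view(mem, hidden_prefix="rk_"):
    """What a process lister inside the guest reports after a rootkit hooks
    process enumeration and filters out its own entries (simulated here by
    filtering the true list)."""
    return {pid: n for pid, n in walk_task_list(mem).items()
            if not n.startswith(hidden_prefix)}


def cross_view_diff(external, internal):
    """Detection by view comparison.  Anything the external view has and the
    internal view lacks is hidden.  Anything present inside but not outside
    means the reconstruction is stale or wrong and must be investigated too."""
    hidden = {pid: external[pid] for pid in external.keys() - internal.keys()}
    phantom = {pid: internal[pid] for pid in internal.keys() - external.keys()}
    return hidden, phantom


def unlink_record(mem, victim_pid, base=LIST_HEAD):
    """Simulate DKOM: repoint the predecessor's next pointer past the victim,
    leaving the victim's record in memory but off the list."""
    n = (len(mem) - base) // TASK_SIZE
    addrs = [base + TASK_SIZE * i for i in range(n)]
    for prev, cur in zip(addrs, addrs[1:] + addrs[:1]):
        pid, _, nxt = struct.unpack_from(TASK_FMT, mem, cur)
        if pid == victim_pid:
            ppid, pname, _ = struct.unpack_from(TASK_FMT, mem, prev)
            struct.pack_into(TASK_FMT, mem, prev, ppid, pname, nxt)
            return True
    return False


def demo():
    mem = build_guest_memory(SAMPLE_PROCS)
    # Case 1: enumeration-hooking rootkit, caught by list walk vs in-guest view.
    hidden1, _ = cross_view_diff(walk_task_list(mem), in_guest_view(mem))
    # Case 2: the rootkit also unlinks its record (DKOM).  The list walk now
    # agrees with the in-guest view, but the carved view still exposes it.
    unlink_record(mem, 977)
    hidden2, _ = cross_view_diff(walk_task_list(mem), in_guest_view(mem))
    hidden3, _ = cross_view_diff(carve_task_records(mem), in_guest_view(mem))
    return hidden1, hidden2, hidden3


if __name__ == "__main__":
    print(demo())
```

The point of the two cases is that the external view is only as trustworthy as the low-level sources it is rebuilt from: a walk of the guest's own linked list inherits any tampering done to that list, so a practical out-of-the-box detector reconstructs the same semantic object (here, the process list) from several independent artifacts and treats any disagreement, in either direction, as a finding.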