
SIIS Laboratory Overview

Patrick McDaniel, October 4, 2004. Computer Science and Engineering, Pennsylvania State University.





Presentation Transcript


  1. SIIS Laboratory Overview. Patrick McDaniel, October 4, 2004. Computer Science and Engineering, Pennsylvania State University.

  2. Mission “The SIIS Laboratory promotes student and scientific advancement through the investigation of emerging technologies upon which computer, network, and information security is based.”

  3. Current Focus Areas
     • Current projects span broad topic areas in general systems security.
     • Actively expanding interests to other fields and applications.
     • Focus areas: Network Security, OS Security, Security Policy, Applied Cryptography, Privacy.

  4. Interdomain Routing Security (Network Security)
     • Organizational exchange of prefixes and path vectors to converge on global routing tables (BGP)
     • Associates address ranges (prefixes) with parent organizations (autonomous systems)
     • Builds global forwarding tables for IP traffic
     • Highly vulnerable: low and slow attacks or misconfiguration can remove continents
     • Ongoing work: security/threat models for IDR, efficient cryptographic constructions, origin authentication, path authentication, control-plane security

  5. Origin Data Mining and Analysis (Network Security)
     Origin (prefix ownership)
     • Data (August 2002 to July 2003): 6,898,383 origin transitions, 16,474 prefixes
     • Generally stable for most prefixes, constant AS
     • Most origin AS holding times are exponential, some Pareto (caused by edge effects)
     Path (routing stability)
     • Data (January 2003 to April 2004): 2.55 billion route updates worldwide, 150 prefixes, thousands of routers
     • Most prefixes are very stable, reachable by a few paths
     • AS topology is relatively stable, most ASes reachable by a few paths
     • Paths restricted to simple “path sets”
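
The origin-transition and holding-time measurements on this slide can be reproduced on any stream of BGP updates. The script below is an added example, not the lab's own code; the update records are constructed here rather than taken from real routing data, and a prefix whose origin AS keeps changing is flagged for review as a possible misconfiguration or hijack.

```python
"""Origin-transition analysis over BGP updates (added example, constructed data)."""
from collections import defaultdict

# Constructed sample updates: (time in seconds, prefix, AS path as announced).
# The origin AS is the last AS in the path.
UPDATES = [
    (0,    "192.0.2.0/24",    [64500, 64501, 64510]),
    (3600, "192.0.2.0/24",    [64502, 64501, 64510]),  # path change, same origin
    (7200, "192.0.2.0/24",    [64500, 64503, 64520]),  # origin changes: transition
    (9000, "192.0.2.0/24",    [64500, 64501, 64510]),  # origin returns: transition
    (0,    "198.51.100.0/24", [64500, 64530]),
    (5000, "198.51.100.0/24", [64504, 64530]),         # path change, stable origin
]

def origin_as(path):
    """Origin AS of an announced path (its last element)."""
    return path[-1]

def origin_history(updates):
    """Map prefix -> list of (time, origin AS), keeping only origin changes."""
    hist = defaultdict(list)
    for t, prefix, path in sorted(updates, key=lambda u: u[0]):
        o = origin_as(path)
        if not hist[prefix] or hist[prefix][-1][1] != o:
            hist[prefix].append((t, o))
    return hist

def origin_transitions(updates):
    """Number of origin transitions per prefix (changes after the first origin)."""
    return {p: len(h) - 1 for p, h in origin_history(updates).items()}

def holding_times(updates):
    """Per prefix, (origin AS, seconds held) for each origin that was replaced."""
    out = {}
    for p, h in origin_history(updates).items():
        out[p] = [(o, h[i + 1][0] - t) for i, (t, o) in enumerate(h[:-1])]
    return out

def unstable_prefixes(updates, max_transitions=0):
    """Prefixes whose origin changed more than max_transitions times; these are
    the candidates a defender would review for misconfiguration or hijack."""
    return sorted(p for p, n in origin_transitions(updates).items() if n > max_transitions)

if __name__ == "__main__":
    for p, times in holding_times(UPDATES).items():
        print(p, "transitions:", origin_transitions(UPDATES)[p], "holding:", times)
    print("review:", unstable_prefixes(UPDATES))
```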

  6. Artifact Authentication in IR (Network Security)
     Origin Authentication
     • Validating the authenticity of ownership claims of address usage
     • Semantic definition for address use
     • Approximated delegation hierarchy from route advertisements
     • 16 organizations delegate 80% of address space, 3-10% movement/month
     • Proposed and simulated vastly improved cryptographic proof systems (feasible)
     Path Authentication
     • Validating the authenticity of transient routes in Internet paths
     • Semantics of path advertisement
     • Stability study showing that the set of paths an AS advertises is relatively small
     • Use of cryptographic proof systems led to efficient structures
     • Simulations show a 96.5% reduction relative to S-BGP
     • First feasible system demonstration

  7. Detecting Spy-ware (Operating Systems Security)
     • Spy-ware implements some valuable function and at the same time exposes sensitive data or resources (KaZaa)
     • Problem: how do we detect the execution of spy-ware code in a running program?
     • Solution: use dynamic slicing to reconstruct dependencies from event traces (system calls, Win API) to find privacy violations
     • Policy language used to describe policy violations and state
     • Implemented and benchmarked
     • Caught leakage in KaZaa
     • 0.05% additional system call cost for an interactive program
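
The dynamic-slicing idea on this slide, as an added example that is not the lab's tool: a backward slice is computed over a constructed system-call trace, and a send is reported as a privacy violation when its slice reaches a data object the (constructed) policy marks as sensitive.

```python
"""Backward dependency slicing over a system-call trace (added example, constructed data)."""

# Constructed event trace: each event names the objects it consumes ("ins")
# and the one object it produces ("out"). Objects are file handles, buffers, sockets.
TRACE = [
    {"id": 1, "call": "open",   "ins": [],                 "out": "fd:contacts.db"},
    {"id": 2, "call": "read",   "ins": ["fd:contacts.db"], "out": "buf:A"},
    {"id": 3, "call": "read",   "ins": ["fd:song.mp3"],    "out": "buf:B"},
    {"id": 4, "call": "memcpy", "ins": ["buf:A"],          "out": "buf:C"},
    {"id": 5, "call": "send",   "ins": ["buf:C"],          "out": "sock:adserver"},
    {"id": 6, "call": "send",   "ins": ["buf:B"],          "out": "sock:peer"},
]

# Constructed policy: objects whose contents must never flow to a network socket.
SENSITIVE = {"fd:contacts.db"}

def backward_slice(trace, event_id):
    """Ids of the events the given event transitively depends on (itself included).
    Each consumed object is resolved to its most recent earlier producer."""
    index = {e["id"]: i for i, e in enumerate(trace)}
    sliced, work = set(), [index[event_id]]
    while work:
        i = work.pop()
        if i in sliced:
            continue
        sliced.add(i)
        for obj in trace[i]["ins"]:
            for j in range(i - 1, -1, -1):      # walk back to the last writer of obj
                if trace[j]["out"] == obj:
                    work.append(j)
                    break
    return {trace[i]["id"] for i in sliced}

def find_leaks(trace, sensitive):
    """(send id, socket, sensitive objects) for every send whose slice touches
    a sensitive object; this is the policy violation the detector reports."""
    by_id = {e["id"]: e for e in trace}
    leaks = []
    for e in trace:
        if e["call"] != "send":
            continue
        touched = set()
        for dep in backward_slice(trace, e["id"]):
            touched.update(set(by_id[dep]["ins"]) & sensitive)
        if touched:
            leaks.append((e["id"], e["out"], touched))
    return leaks

if __name__ == "__main__":
    print(find_leaks(TRACE, SENSITIVE))
```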

  8. Antigone (Security Policy)
     • Policy languages
       • Provisioning policy vs. authorization policy
       • Composition is fundamentally intractable
       • General purpose policy: Ismene
       • Enforcement separation
     • Antigone system built to compose large collections of diverse policies in a single infrastructure
       • Policy compiler
       • Enforcement infrastructure
       • Dozens of security mechanisms
       • 75,000+ lines of code
     • Applications
       • AMirD: general purpose replication platform
       • Highly flexible transport layer security
       • Security for squad-level hand-held communications
     • In permanent demonstration exhibit at Fort Monmouth, NJ (Army)
     • Winner of DARPA’s Bang for the Buck award in the Dynamic Coalition program

  9. Forward Secure Signatures (Applied Cryptography)
     • Advanced cryptographic construction used to mitigate future key compromise
       • Signing key “lost” once the signature is made
       • Intractable to recover a past signing key from a future private key
     • Implementation of FSS
       • Search parameter space
       • Evaluate key size/memory tradeoffs
       • Community service
     • Constructed calculus for determining optimality of FSS solutions
       • RSA not necessarily better
     • Bottom line: like many constructions
       • Good or bad, be careful
       • 1 to 4 if properly used
       • 3+ OOM worse if not
       • RSA/DSA/ECC are appropriate for different environments (trade-offs)

  10. Searching for privacy … (Privacy)
     • Recently, the Internet community has demanded more information about how websites deal with privacy
     • P3P is an automated system for specifying machine-readable site privacy policies
     • P3Poogle
       • Caches and evaluates P3P policies with respect to a user privacy policy
       • Privacy violations are visually indicated alongside each site
       • Integrates the Google API with caching of P3P policies
     • Implementation complete
     • HCI study under way at CMU
     • Reasonable performance

  11. The future?
     • Security is often about applications … it should be about environments.
     • The ad hoc nature in which security is defined and achieved across and between systems is a central source of vulnerability.

  12. Environmental Security
     Diagram labels: POLICY, VERIFICATION, Language, Assessment, Composition, ENFORCEMENT
     • Articulating intent
     • Enforcing across platforms and services
     • Understanding evolving compliance
     … must start with some trustable core (e.g., network)

  13. The SIIS Laboratory …
     • Systems and Internet Infrastructure Laboratory
     • Launched 9/04 at CSE/PSU
     • Committed to the investigation and development of environment-oriented security solutions, e.g.,
       • Infrastructure security (routing, OS, DRM, etc.)
       • Policy (authorization, provisioning)
       • Security service analysis
     • Current support: ARPA, Symantec, and NSF
     • View papers and documentation of activities at: http://siis.cse.psu.edu/
