1 / 12

Successes and Failures applying to SaTC /TWC/TC/CT

Successes and Failures applying to SaTC /TWC/TC/CT. Nikita Borisov University of Illinois at Urbana-Champaign. My SaTC Experience. First PI experience in 2006 Four funded projects through some version of SaTC Vulnerability signatures in intrusion detection

jennis
Download Presentation

Successes and Failures applying to SaTC /TWC/TC/CT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Successes and Failures applying to SaTC/TWC/TC/CT Nikita Borisov University of Illinois at Urbana-Champaign

  2. My SaTC Experience • First PI experience in 2006 • Four funded projects through some version of SaTC • Vulnerability signatures in intrusion detection • Security and privacy in building automation • Network traffic analysis • Anonymous communications (CAREER) • About as many rejections • Half dozen panels

  3. Vulnerability Signatures • Traditional signatures in intrusion detection: recognize attack • E.g., “AAAA….AAAA?idapi.ida” for CodeRed • Too specific: • CodeRed II used “NNNN….NNNN?idapi.ida” • Vulnerability signatures: recognize attack vector • Challenge: faithfully reconstruct application parsing state with high performance

  4. Behind the Proposal • Genesis: internship at Microsoft Research as graduate student • Development: • Identify basic research challenges • Create evaluation strategy • Collaboration: • Two senior co-PIs / mentors

  5. Building Automation • Newer buildings use networked sensors and controls for lights, doors, HVAC, etc. • Opportunity for applications that enrich inhabitants’ lives • Woefully insecure • Challenge: design interface that enables applications while preserving important privacy and security constraints

  6. Behind the Proposal • Genesis: Class project on applications for building automation • Development: • Identify general principles that can be applied in this setting • Collaboration: • My co-instructor in the course

  7. Traffic Analysis • Encrypted network traffic contains patterns: packet sizes, timings, counts, … • Side channel that reveals information • User identity • Password characters • Web page content • VoIP phrases • Challenge: Rigorous, systematic understanding of attacks and defenses

  8. Behind the Proposal • Genesis: Attack paper on network watermarking schemes • Development: • Identify several important problems • Formulate fundamental theoretic questions • Connect them to experimental validation plan • Collaboration: • Co-author from attack paper • Another communications expert • Senior mentor

  9. Anonymous Communications • Internet communication leaks metadata about interests, relationships, behavior, etc. • This information is (ab)used by ISPs, employers, advertisers, intelligence agencies, repressive regimes, … • Anonymity networks, such as Tor help protect metadata, but at a large performance cost • Challenge: creating scalable, high-performance overlay networks while minimizing leaked information

  10. Behind the Proposal • Genesis: PhD work, followed by several years of research • Development: • Detailed description of next few research papers • Collaboration: • Support letters from foreign collaborator

  11. Lessons from Rejections • SaTC panelists are notorious skeptics! • Your job to convince them your approach will work and be secure • Missing related work can be a killer • Spend twice as much time as you think you need • Avoid being too broad

  12. Closing Thoughts • Get thee on a panel! • Can’t beat first-hand experience • PMs often struggle to fill slots • Get co-PIs with prior SaTC successes • Can be helpful even at a low commitment level • Enjoy the experience! • Even unfunded proposals have payoffs

More Related