WPI Secure Systems Research Laboratory
The Secure Systems Laboratory at WPI was recently established with the sole purpose of advancing the knowledge in the design of End-to-End Secure Systems, Computer Architectures in the support of Security Systems & Networks, and security features in embedded microprocessors. At present, the laboratory is interested in attracting students that want to complete their PhD's in these areas.
As observed by
practitioners and researchers, the nature of threats to end-to-end security is
growing exponentially, see Figure 1. Further, the next generation of attacks
will likely come in the form of an attack by numbers (most directly linked to
denial of service attacks which are notoriously difficult to protect against).
In this context, sophisticated communities of hackers/crackers, such as
BLACKHAT users, compromised larger and larger number of unsuspecting (and
unsuspected) home personal computers in an effort to launch major coordinated
attacks on both Government and corporate networks.
We called these attacks “Swarm Attacks”, like a “swarm of bees”.
To avert such attacks, an Intrusion Detection & Countermeasure System (IDCS)
must impose minimal overhead on the overall network or single host system that
is protecting, and must be capable of sustaining its performance characteristics
under increasing loads and changes in the pattern of usage.
Figure 1 – Growth in Number of Incidents Handle by
Our approach to accomplish
these goals makes use of intelligent counter agents, called SAFE-bots, which can
be reproduced in great numbers, and are spawned in response to Swarm Attacks.
The WSSRL effort proposed here addresses Swarm Attacks as part of
the overall system architecture of an Intrusion Detection and Countermeasure
system called, S.A.F.E. s in the design
of such systems, and further explored “Swarm Intelligence” responses to Swarm
Attacks. Specifically, it
addresses the following issues:
Finally, a significant
problem with a number of recent research efforts in this area is the lack of
measurability. That is, new IDCS
systems are implemented and deployed fairly regularly but aside from some
anecdotal data; there is little hard evidence that supports their effectiveness.
For that matter, to date, there have been few theoretical descriptions of
what makes a system “good” in terms of its ability to sustain continuous
attacks or intrusions from either authorized or un-authorized users.
To the best of our knowledge, when considering the evaluation tools,
methodologies and/or Intrusion Detection & Countermeasure Systems or other
similar point-solution tools (such as an authentication scheme, the computing
community only has available limited statistical measures, such as those shown
in Lippman [LI99].
We propose here the concept
of “System Security” and/or “System Security resiliency” as an intrinsic
property that can be associated with a modern computer system.
The implication of this statement is that system security or system
resiliency to attacks is a property that can be inferred from the structure
of the system. This property is
uniquely different from the properties of its components.
Within this context, the statement that a component of a system such as a
firewall or router is secure does not necessarily imply that the “system” is
secure. Hence, “system
security” is a property that we can test for, measure, and characterize.
The bulk of our research in this area will focus on what we call this
core security issue. Further,
results from this work should lead to the development of technologies,
processes, and prototype implementations in the area of: security modeling,
security measurement and workload generation, static security analysis, and
security certification. If successful, this effort will create a national
security certification and measurement laboratory to be used by both government
agencies and industry in characterizing the security properties of their