WPI Worcester Polytechnic Institute

 

  HOME

  WSSRL

  VITAE

  RESEARCH

  PUBLICATIONS

  COURSES

    CS/EE 578

 

  Past Years

    2003-2004:

    CS525F

    CS4515

 

    2002-2003:

    CS525F-2003

   CS4515 -2003

   

WPI Secure Systems Research Laboratory

WSSRL

 

 

Mission | Research Focus | WSSRL Projects| Courses | Resources| WSSRL Presentations

Mission

The  Secure Systems Laboratory at WPI was recently established with the sole purpose of advancing the knowledge in the design of End-to-End Secure Systems,  Computer Architectures in the support of Security Systems & Networks, and security features in embedded microprocessors.  At present, the laboratory is interested in attracting students that want to complete their PhD's in these areas.

Principal Research Focus

Worcester Polytechnic Institute (WPI) Systems Security Research Laboratory (WSSRL), in conjunction with the Computer Science and the Electrical & Computer Engineering Departments at WPI, and several other Academic or Industrial institutions proposes to develop an advanced "System's Security" architecture (and its implementation) that addresses the problem of End-to-End security.  The proposed research moves current knowledge from the problem of creating a secure “fast” communication channel or protecting the integrity of data, such as the traditional work in encryption, authentication, and encryption algorithms, to that of protecting the system from a new class of security threats.

As observed by practitioners and researchers, the nature of threats to end-to-end security is growing exponentially, see Figure 1. Further, the next generation of attacks will likely come in the form of an attack by numbers (most directly linked to denial of service attacks which are notoriously difficult to protect against).  In this context, sophisticated communities of hackers/crackers, such as BLACKHAT users, compromised larger and larger number of unsuspecting (and unsuspected) home personal computers in an effort to launch major coordinated attacks on both Government and corporate networks.   We called these attacks “Swarm Attacks”, like a “swarm of bees”. To avert such attacks, an Intrusion Detection & Countermeasure System (IDCS) must impose minimal overhead on the overall network or single host system that is protecting, and must be capable of sustaining its performance characteristics under increasing loads and changes in the pattern of usage.

 

Figure 1 – Growth in Number of Incidents Handle by CERT/CCâ

Our approach to accomplish these goals makes use of intelligent counter agents, called SAFE-bots, which can be reproduced in great numbers, and are spawned in response to Swarm Attacks.  The WSSRL effort proposed here addresses Swarm Attacks as part of the overall system architecture of an Intrusion Detection and Countermeasure system called, S.A.F.E.  s in the design of such systems, and further explored “Swarm Intelligence” responses to Swarm Attacks.  Specifically, it addresses the following issues:

Nature of the intelligent counter agents, called SAFEbots
Spawning mechanisms; and
Effectiveness

Finally, a significant problem with a number of recent research efforts in this area is the lack of measurability.  That is, new IDCS systems are implemented and deployed fairly regularly but aside from some anecdotal data; there is little hard evidence that supports their effectiveness.  For that matter, to date, there have been few theoretical descriptions of what makes a system “good” in terms of its ability to sustain continuous attacks or intrusions from either authorized or un-authorized users.  To the best of our knowledge, when considering the evaluation tools, methodologies and/or Intrusion Detection & Countermeasure Systems or other similar point-solution tools (such as an authentication scheme, the computing community only has available limited statistical measures, such as those shown in Lippman.

We propose here the concept of “System Security” and/or “System Security resiliency” as an intrinsic property that can be associated with a modern computer system.  The implication of this statement is that system security or system resiliency to attacks is a property that can be inferred from the structure of the system.  This property is uniquely different from the properties of its components.  Within this context, the statement that a component of a system such as a firewall or router is secure does not necessarily imply that the “system” is secure.  Hence, “system security” is a property that we can test for, measure, and characterize.  The bulk of our research in this area will focus on what we call this core security issue.  Further, results from this work should lead to the development of technologies, processes, and prototype implementations in the area of: security modeling, security measurement and workload generation, static security analysis, and security certification. If successful, this effort will create a national security certification and measurement laboratory to be used by both government agencies and industry in characterizing the security properties of their environments.

 

WSSRL Research Projects

S.A.F.E.

Secure Architectures

Modeling

 

Courses

Systems Security - CS525 - 191F
 
Spring 2003 - Tuesdays and Thursdays 12:30 to 14:00
Fall 2003 - TBD

 

WSSRL Presentations

 

Intrusion Detection  & Countermeasures Systems - Part I

Intrusion Detection & Countermeasure System - Part II

WSSRL-TR-0301 (pdf), "Applying Byzantine Agreement Protocols to the Intrusion Detection Problem in Distributed Systems", Colon Osorio, Fernando C. and Xiaoning Wang, January 2003.