Fall 2006
September 22, 2006
Speaker: Jeannette M. Wing
President's Professor and Head of Computer Science Department,
Carnegie Mellon University
Title
Automatic Generation and Analysis of Attack Graphs
Abstract:
Attack graphs represent the ways in which an adversary can exploit vulnerabilities to break into a system. System administrators analyze these attack graphs to understand where their system's weaknesses lie and to help decide which security measures will be effective to deploy. In practice, attack graphs are produced manually by Red Teams. Construction by hand, however, is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this talk I present a technique, based on model checking, for generating attack graphs automatically. I also describe different analyses that system administrators can perform in trading off one security measure for another. These analyses can answer questions such as "Given a set of measures, what is a minimum subset needed to make this system safe?" This work is joint with Somesh Jha and Oleg Sheyner.
Biography
Dr. Jeannette M. Wing is the President's Professor of Computer Science and the Head of the Computer Science Department at Carnegie Mellon University. She received her S.B. and S.M. degrees in Electrical Engineering and Computer Science in 1979 and her Ph.D. degree in Computer Science in 1983, all from the Massachusetts Institute of Technology.
Professor Wing's general research interests are in the areas of specification and verification, concurrent and distributed systems, and programming languages. Her current focus is on the foundations of trustworthy computing.
Professor Wing is a member of many advisory boards, including the National Academies of Sciences' Computer Science and Telecommunications Board, Microsoft's Trustworthy Computing Academic Advisory Board, and Intel Research Pittsburgh's Advisory Board.
She is a Member-at-Large on ACM Council. She was a member of the DARPA Information Science and Technology (ISAT) Board and the National Science Foundation Scientific Advisory Board. She is a member of AAAS, ACM, IEEE, Sigma Xi, Phi Beta Kappa, Tau Beta Pi, and Eta Kappa Nu. Professor Wing is an ACM Fellow and an IEEE Fellow.
October 20, 2006
Speaker: Wenke Lee
Associate Professor
College of Computing, Georgia Institute of Technology
Title
Botnet Detection and Response
Abstract:
A botnet is a network of compromised computers (or bots) commandeered by an adversary. Botnets have already become the platform of choice for launching attacks and committing frauds on the Internet.
In this talk, I will provide an overview of our research in botnet detection and response. I will first give an analysis of the botnet "command and control" structures. I will then describe our KarstNet project. KarstNet uses DDNS (Dynamic DNS) monitoring to identify domains associated with botnet command and control activities, and sinkholes such domains. I will also discuss some preliminary work in P2P botnet detection.
Biography
Wenke Lee is an Associate Professor in the College of Computing at Georgia Institute of Technology. He received a Ph.D. in Computer Science from Columbia University in 1999. His research interests include systems and network security, network management, applied cryptography, and data mining. His research is currently supported by NSF, ARO, ONR, DHS, and industry.
He received a Best Paper Award at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99) in 1999, and an NSF CAREER Award in 2002.
He is a member of the ACM and the IEEE.