Anthony D. Joseph UC Berkeley SCRUB ISTC: Secure Computing Research for Users’ Benefit TRUST Autumn 2011 Conference

Insecurity is a tax on computing  Our lives, and our data, and our money, are increasingly flowing through our computers, our phones, …  However, technology isn’t always secure.  65% of Internet users have personally experienced cybercrime  Companies are concerned: 91% expressed concern over exploits like those that hit Google  760 companies compromised through SecurID info theft  Security concerns slow adoption of technology 9

Malware-tolerant computing  Malware is a fact of life  We cannot banish it. We must live with it  We need technology for establishing security amidst a sea of malware  Don’t want security problems to slow adoption of technology

Security touches many fields Security Systems Architecture Networking UsabilityAlgorithms Machine learning 1

 SCRUB is a new Berkeley center focusing on security for user’s benefit  Improve security for future technologies, at every layer of the stack  One of four Intel Science and Technology Centers  Model: industry funding (Intel) + collaboration  4 Intel researchers in residence on 7 th floor Soda  $2.5M/year in funding: 3 years + 2 year renewal option  UCB PI: David Wagner. Intel PI: John Manferdelli.  Associate Director: Anthony D. Joseph  Headquartered at Berkeley ($1.8M/yr) + CMU, Drexel, Duke, UIUC ($0.7M/yr) New initiative: Security ISTC

Establish secure computing environment via thin intermediation layer. Make 3 rd party apps safe. Enable one phone for both work and personal use Help administrators manage, monitor, and protect their networks, information, & services. Integrate security into network and system architecture

SCRUB Research Agenda Thin intermediation layer Mobile security Data-centric security Security analytics SCRUB Security-centric networking

 How do we make 3 rd party apps safe?  How do we enable a rich, thriving marketplace? Secure mobile phones

 Robust, secure app stores  Can we provide libraries/tools to developers to make it easier to get security right than to get it wrong?  Understanding app behavior  Can we automate parts of the app review process?  Secure phone platforms  Can we improve the permission system? Ideally, it would be usable yet still give users enough control  The multi-use, multi-context device  Can we make the phone safe for personal use, without endangering corporate data or functionality?  Can we avoid carrying two phones, one for work and one for yourself, without losing security or privacy? Example research challenges

 Longer term, are app-centric mobile platforms a more effective model for securing the desktop? Mobile  Desktop? ?

Securing the desktop: Thin intermediation layer Hardware Intermediation layer OS Web browser Banking app Thin client

 Data increasingly resides not only on end-user devices, but also on servers, cloud, …  Can we provide consistent protection for user data as it flows through a complex distributed system, no matter where it is stored? Data-centric security

 Proposal: Data-centric security.  Attach security policies to data, and ensure they stay bound together  Example: Data capsules, unsealable only within a secure execution environment  e.g., secured with a TPM, information flow tracking, …  Goal: A platform for secure computation, with privacy for user data Data-centric security

 How can the network architecture facilitate security?  What primitives should it provide to applications? Network security

Monitoring network traffic…  … at scale  … with a view into application-level semantics  Potential: Enable more sophisticated, semantic- aware analysis of network traffic, to detect and block attacks Network security

 Goal: robust security metrics and analytics  Developing tools combining machine learning and program analysis to automatically extract features and build models  Improving users’ experiences by translating the reasoning behind security decisions into human understandable concepts  Designing robust algorithms and finding lower-bounds for techniques defending against adversarial manipulation Security analytics

Adversarial Machine Learning In real life, adversaries are Byzantine In real life, adversaries are patient They adapt behavior Example goals:  Avoid detection of attacks  Cause benign input to be classified as attacks  Launch a focused attack  Search a classifier to find blind-spots

Security analytics Security Analytics and Metrics Decision Model Biometrics Collector Biometrics Collector Biometrics Collectors Adversarial Machine Learning Text Analysis Log Analysis Decision Analysis Code Analysis Metrics, Alerts

 We want to focus on security for all areas where users come in contact with technology  Enabling secure computing on malware-infected computers  Identifying primitives that hardware, networks, OSs, … should provide, to best support security  Developing a better security paradigm for desktop computers of the future  Designing adversarial resistant algorithms for measuring a system’s security  Helping users feel comfortable and safe with computing and e-commerce SCRUB Goals

SCRUB Dawn SongDavid WagnerScott ShenkerDoug Tygar Vern PaxsonAnthony JosephDavid Culler Sylvia Ratnasamy Landon Cox Rachel Greenstadt Sam KingAdrian Perrig Ling HuangVyas SekarPetros ManiatisJohn Manferdelli

Thrust areas Secure mobile devices Data-centric security Secure thin intermediation layer Security analytics Security-centric network architectures