CS overview - Fall 2005 The Department of Computer Science at Columbia University Henning Schulzrinne, Chair Dept. of Computer Science Columbia University 2005

CS overview - Fall 2005 Columbia Computer Science in Numbers ~34 full-time faculty and lecturers + visitors, postdocs, adjunct faculty, joint appointments (EE, IEOR), …

CS overview - Fall 2005 Interacting with Humans (5) Interacting with Humans (5) Designing Digital Systems (4) Designing Digital Systems (4) Systems (11) Systems (11) Interacting with the Physical World (9) Interacting with the Physical World (9) Computer Science Theory (8) Research Making Sense of Data (7) Making Sense of Data (7)

CS overview - Fall 2005 Research areas Interacting with the Physical World graphics, robotics, vision Allen, Belhumeur, Feiner, Grinspun, Grunschlag, Jebara, Kender, Nayar, Ramamoorthi Interacting with Humans user interfaces, natural language and speech processing, collaborative work, personalized agents Feiner, Hirschberg, Kaiser, Kender, McKeown Systems networks, distributed systems, security, compilers, software engineering, programming languages, OS Aho, Bellovin, Edwards, Kaiser, Keromytis, Malkin, Misra, Nieh, Schulzrinne, Stolfo, Yemini Designing Digital Systems digital and VLSI design, CAD, asynchronous circuits, embedded systems Carloni, Edwards, Nowick, Unger Making Sense of Data databases, data mining, Web search, machine learning applications Cannon, Gravano, Jebara, Kaiser, Ross, Servedio, Stolfo Computer Science Theory cryptography, quantum computing, complexity, machine learning theory, graph theory, algorithms Aho, Galil, Gross, Malkin, Servedio, Traub, Wozniakowski, Yannakakis

CS overview - Fall 2005 Interacting with Humans (5) Interacting with Humans (5) Interacting with the Physical World (9) Interacting with the Physical World (9) Research

CS overview - Fall 2005 Newsblaster Automatic summarization of articles on the same event Generation of summary sentences Tracking events across days Foreign new  English summaries

CS overview - Fall 2005 Task Based Evaluation: Do summaries help users with research? Quality of facts gathered significantly better With Newsblaster than with no summaries User satisfaction higher With Newsblaster sentence summaries than Google style 1-sentence summaries Summaries contributed important facts With Newsblaster than Google summaries Full multi-document summarization more powerful than documents alone or single sentence summarization

CS overview - Fall 2005 Spoken Language Processing (Julia Hirschberg) Detecting and generating speakers’ emotional state Corpus-based, using lexical, acoustic and prosodic features Areas: Deceptive Speech vs. Truth-telling Anger/frustration, confidence/certainty in Online Tutoring Systems Charismatic Speech: What makes some speakers charismatic?

CS overview - Fall 2005 Systems (11) Systems (11) Research

CS overview - Fall 2005 Distributed Network Analysis (DNA) Faculty: Vishal Misra, Dan Rubenstein Mathematical modeling of communication/network systems also prototype & experiment to validate theory Topics: Resilient and Secure Networking Wireless (802.11, Mesh) Sensor Networks Overlay and P2P Networking Server Farms Analytical Techniques Stochastics Algorithms Control Theory, Queueing Theory, Information Theory

CS overview - Fall 2005 Distributed Multi-radio Allocation in Wireless Mesh Networks Research Objectives Improve the throughput of multi-hop networks by utilizing multiple channels. Develop a fully-distributed, self-stabilizing algorithm and protocol that assign channels to nodes. Build an experimental system using commodity hardware and evaluate the performance of the algorithm. Approach Multi-radio stations Semi-static channel assignment Goals Minimize interference Maintain connectivity Use self-stabilizing graph coloring algorithm

CS overview - Fall 2005 CEPSR research building Channel Allocation Protocol TCP/IP MCL* card A802.11card B NDIS**DevCon Windows XP Wireless Mesh Network Testbed 10 mesh boxes (sponsored by MSR) + 5 Desktop PCs b/g/a wireless adapters Mesh Connectivy Layer toolkit from MSR Multi-radio mesh node Allocates radios by Self- stabilizing algorithm based on graph coloring Fully distributed and self- organizing mechanism Mesh monitoring system Monitors and controls mesh networks from remote site Consistent throughput improvement of 20-50% for network

CS overview - Fall 2005 Evolution of VoIP “amazing – the phone rings” “does it do call transfer?” “how can I make it stop ringing?” catching up with the digital PBX long-distance calling, ca going beyond the black phone

CS overview - Fall 2005 Context-aware communication context = “the interrelated conditions in which something exists or occurs” anything known about the participants in the (potential) communication relationship both at caller and callee timeCPL capabilitiescaller preferences locationlocation-based call routing location events activity/availabilitypresence sensor data (mood, bio)privacy issues similar to location data

CS overview - Fall 2005 Creating services for VoIP Telecom model: Programmers create mass- market applications Web model: Users and administrators create universe of tailored applications “FrontPage for service creation” Based on presence, location, privacy preferences

CS overview - Fall 2005 System Administration Not much research done Generally ad hoc A high percentage of exploits occurs from sysadmin failings

CS overview - Fall 2005 Patch Management Patches have a high probability of breaking applications Production systems can't be patched without testing – but exploits frequently show up after the patch is released

CS overview - Fall 2005 Human Factors People don't know how to use security mechanisms People don't understand the effects of various security settings. If a user is running without root/Administrator privileges, are there normal operations that that person can't do? How do you grant that permission only? What threats are avoided by running without privileges?

CS overview - Fall 2005 Objective Deploy a collaborative intrusion detection and prevention solution capable of detecting “slow and low” broad stealthy scans, reconnaissance activities, and related behavior as precursors to a worm or targeted attack to multiple organizations in business longitudes. Leverage both header and payload anomaly detection to employ multiple defense strategies, including signature generation, to proactively protect vulnerable networks before the attack happens. June 14, 2005 Developing Profiles of Attackers: A Longitudinal Study Worminator/PAYL Intrusion Detection Group, Columbia University WWW: Scientific/Technical Approaches Worminator integrates with best-of-breed IDS sensors and enables privacy-preserving alert exchange between sites, finding and building profiles of common sources of scan or attack. PAYL (PAYLoad Anomaly Detection) enriches Worminator with information about common signatures of exploits or attacks, enabling a comprehensive response Next Generation Attacks New worms and attack vectors leverage a hitlist to reduce spread time upon launch These hitlists are built in massively parallel, very slow-and-stealthy fashion “Critical infrastructure” an increasing target from these sources By rapidly profiling sources of these hitlist generators, we can proactively protect vulnerable targets, even with “zero-day worms” Site B Site C Site A Surveillence detected at site A Surveillence detected at site B Surveillence detected at site C Common sources of scans for all three sites Profile and signature generation for defense

CS overview - Fall 2005 Computer Science Theory (8) Research

CS overview - Fall 2005 Foundations of Cryptography: The Next Generation Traditional Cryptography achieves provable security of protocols, but assumes a clean, controlled model (e.g., strongly relies on the secret keys being completely protected). This is not sufficient for the way crypto is used today! e.g., over the internet, concurrently with many other protocols; Crypto used everywhere, sometimes on small portable devices (smartcard, PDA), thus many opportunities to leak key. Key exposure is a major cause of security breaches, much more so than cryptanalysis. Our Work: expand theoretical foundations to capture provable security against strong, realistic attackers, including: Security when attacker can read the secret key (key exposure) Security when attacker can modify the secret key (tampering) Security against side channel attacks (power, timing analysis) Security in an Internet-like setting (when attacker can coordinate across several, unaware of each other, protocols).