Proactive Software Security R. Sekar Director, Center for Cybersecurity Stony Brook University.

1 Proactive Software Security
R. Sekar
Director, Center for Cybersecurity
Stony Brook University

2 Our Approach & Ongoing Projects
Comprehensive treatment of security at every stage of software development & operation
- Compile-time
  - Program analysis
    - Detect security bugs
    - Extract behavior models
      - For verifying security properties
      - For enforcing security policies
  - Program transformation techniques to mask them
    - Detect all memory errors in C programs
    - Efficient techniques to prevent exploitation of memory errors

3 Our Approach (Contd.)
- Link/load time
  - Binary analysis and transformation techniques
- Installation time
  - Vulnerability analysis of composite systems/configurations
- Runtime
  - Intrusion detection/prevention
    - Policy/behavior enforcement
    - Anomaly detection
- Post attack
  - Isolation of untrusted/compromised software
    - Prevent attacks from compromising security-critical data
  - Self-healing systems
    - Reconfigure systems on-the-fly to filter out attacks

4 Host-Based Intrusion Detection
- Efficient techniques for extracting program behavior models
  - FSA models of program behavior
    - Lot of follow-up work on this
  - Ability to detect types of attacks that program-based anomaly detectors have been poor at
    - Race conditions
    - Some types of omissions
  - Do formal reasoning on possible behaviors, provide specific guarantees

5 Host-based Intrusion Detection
- Specification-based intrusion detection
  - Expressive policy language
  - Efficient enforcement
- Behavior containment
  - Model-carrying code
  - Alcatraz tool for confining untrusted code
- Program behavior models provide the missing link
  - Enable policy development

6 Network Intrusion Detection
- Combine specification-based and anomaly-based detection techniques
- Simple state-machine models of network protocols
  - TCP
  - SMTP
- Superimpose machine learning on top of the state machine model
- Surprising level of effectiveness
- Key components
  - Efficient aggregation algorithms
  - Domain-specific language that provides programmer control, but does not require detailed programming
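An added sketch of the idea on slide 6 (not code from the talk or from the authors' system): a simplified SMTP command state machine raises a specification alert on any transition it does not allow, and a per-transition count profile learned from benign sessions flags legal but unusual behavior. The state names, the mean-plus-k-sigma statistic standing in for the learning layer, and the sample sessions are all assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Simplified SMTP command state machine (an assumption for illustration,
# not a full RFC 5321 model): (state, command) -> next state.
SPEC = {
    ("INIT", "HELO"): "READY",
    ("READY", "MAIL"): "MAIL",
    ("MAIL", "RCPT"): "RCPT",
    ("RCPT", "RCPT"): "RCPT",
    ("RCPT", "DATA"): "DATA",
    ("DATA", "END"): "READY",   # END = terminating "." of the message body
    ("READY", "QUIT"): "DONE",
}

def run_session(commands):
    """Walk one session through SPEC; return (transition counts, violations)."""
    state, counts, violations = "INIT", Counter(), []
    for cmd in commands:
        nxt = SPEC.get((state, cmd))
        if nxt is None:
            violations.append((state, cmd))  # specification-based alert
            continue                         # stay in the current state
        counts[(state, cmd)] += 1
        state = nxt
    return counts, violations

def learn_profile(sessions, k=3.0):
    """Per-transition upper bound: mean + k*stddev of per-session counts."""
    profile = {}
    for key in SPEC:
        xs = [run_session(s)[0][key] for s in sessions]
        # Floor the deviation so constant counts still leave some slack.
        profile[key] = mean(xs) + k * max(pstdev(xs), 0.5)
    return profile

def detect(commands, profile):
    """Return spec violations and transitions used unusually often."""
    counts, violations = run_session(commands)
    anomalies = [key for key, n in counts.items() if n > profile[key]]
    return violations, anomalies

# Constructed sample data: benign training sessions with 1-3 recipients.
TRAIN = [["HELO", "MAIL"] + ["RCPT"] * n + ["DATA", "END", "QUIT"]
         for n in (1, 2, 1, 3, 2, 1)]
PROFILE = learn_profile(TRAIN)
```

A session that skips straight from HELO to DATA is caught by the specification layer alone, while a session with dozens of recipients follows the state machine and is caught only by the learned profile.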

7 Further Information
- Personal home pages
  - See http://seclab.cs.sunysb.edu/sekar/
- Laboratory home pages
  - See http://seclab.cs.sunysb.edu/
- Center for Cybersecurity homepage
  - http://ccs.cs.sunysb.edu/

