Presentation is loading. Please wait.

Presentation is loading. Please wait.

Successes and Failures applying to SaTC/TWC/TC/CT Nikita Borisov University of Illinois at Urbana- Champaign.

Published byAvis Rose Modified over 8 years ago

Similar presentations

Presentation on theme: "Successes and Failures applying to SaTC/TWC/TC/CT Nikita Borisov University of Illinois at Urbana- Champaign."— Presentation transcript:

1 Successes and Failures applying to SaTC/TWC/TC/CT Nikita Borisov University of Illinois at Urbana- Champaign

2 My SaTC Experience First PI experience in 2006 Four funded projects through some version of SaTC – Vulnerability signatures in intrusion detection – Security and privacy in building automation – Network traffic analysis – Anonymous communications (CAREER) About as many rejections Half dozen panels

3 Vulnerability Signatures Traditional signatures in intrusion detection: recognize attack – E.g., “AAAA….AAAA?idapi.ida” for CodeRed Too specific: – CodeRed II used “NNNN….NNNN?idapi.ida” Vulnerability signatures: recognize attack vector Challenge: faithfully reconstruct application parsing state with high performance

4 Behind the Proposal Genesis: internship at Microsoft Research as graduate student Development: – Identify basic research challenges – Create evaluation strategy Collaboration: – Two senior co-PIs / mentors

5 Building Automation Newer buildings use networked sensors and controls for lights, doors, HVAC, etc. Opportunity for applications that enrich inhabitants’ lives Woefully insecure Challenge: design interface that enables applications while preserving important privacy and security constraints

6 Behind the Proposal Genesis: Class project on applications for building automation Development: – Identify general principles that can be applied in this setting Collaboration: – My co-instructor in the course

7 Traffic Analysis Encrypted network traffic contains patterns: packet sizes, timings, counts, … Side channel that reveals information – User identity – Password characters – Web page content – VoIP phrases Challenge: Rigorous, systematic understanding of attacks and defenses

8 Behind the Proposal Genesis: Attack paper on network watermarking schemes Development: – Identify several important problems – Formulate fundamental theoretic questions – Connect them to experimental validation plan Collaboration: – Co-author from attack paper – Another communications expert – Senior mentor

9 Anonymous Communications Internet communication leaks metadata about interests, relationships, behavior, etc. This information is (ab)used by ISPs, employers, advertisers, intelligence agencies, repressive regimes, … Anonymity networks, such as Tor help protect metadata, but at a large performance cost Challenge: creating scalable, high-performance overlay networks while minimizing leaked information

10 Behind the Proposal Genesis: PhD work, followed by several years of research Development: – Detailed description of next few research papers Collaboration: – Support letters from foreign collaborator

11 Lessons from Rejections SaTC panelists are notorious skeptics! – Your job to convince them your approach will work and be secure Missing related work can be a killer – Spend twice as much time as you think you need Avoid being too broad

12 Closing Thoughts Get thee on a panel! – Can’t beat first-hand experience – PMs often struggle to fill slots Get co-PIs with prior SaTC successes – Can be helpful even at a low commitment level Enjoy the experience! – Even unfunded proposals have payoffs

Download ppt "Successes and Failures applying to SaTC/TWC/TC/CT Nikita Borisov University of Illinois at Urbana- Champaign."

Similar presentations

I Want My Voice to Be Heard: IP over Voice-over-IP for Unobservable Censorship Circumvention Amir Houmansadr (The University of Texas at Austin) Thomas.

I Want My Voice to Be Heard: IP over Voice-over-IP for Unobservable Censorship Circumvention Amir Houmansadr (The University of Texas at Austin) Thomas.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011
Protecting Cyber-TA Contributors: Risks and Challenges Vitaly Shmatikov The University of Texas at Austin.

Protecting Cyber-TA Contributors: Risks and Challenges Vitaly Shmatikov The University of Texas at Austin.
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Enabling the Social Web Krishna P. Gummadi Networked Systems Group Max Planck Institute for Software Systems.

Enabling the Social Web Krishna P. Gummadi Networked Systems Group Max Planck Institute for Software Systems.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.

This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Chapter © 2010 South-Western, Cengage Learning Planning Your Career 2.1 2.1Finding the Right Career Fit 2.2 2.2Finding Career Opportunities 2.

Chapter © 2010 South-Western, Cengage Learning Planning Your Career Finding the Right Career Fit Finding Career Opportunities 2.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.
Now that you have the job, what do you do to keep it for a long time? Kenneth J. Sher University of Missouri – Columbia Part of a symposium, “Building.

Now that you have the job, what do you do to keep it for a long time? Kenneth J. Sher University of Missouri – Columbia Part of a symposium, “Building.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Science of Security Experimentation John McHugh, Dalhousie University Jennifer Bayuk, Jennifer L Bayuk LLC Minaxi Gupta, Indiana University Roy Maxion,

Science of Security Experimentation John McHugh, Dalhousie University Jennifer Bayuk, Jennifer L Bayuk LLC Minaxi Gupta, Indiana University Roy Maxion,
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
Adrian Crenshaw. Darknets  There are many definitions, but mine is “anonymizing private networks ”  Use of encryption.

Adrian Crenshaw. Darknets  There are many definitions, but mine is “anonymizing private networks ”  Use of encryption.

Similar presentations

Ads by Google