The Science of Cyber Security. Peter Weinberger (Google Inc) (based on a study for DDR&E s Steven King, with no any conneceon to Google at all)

Transcription

1 The Science of Cyber Security Peter Weinberger (Google Inc) (based on a study for DDR&E s Steven King, with no any conneceon to Google at all)

2 Sponsor arranged a workshop S. King (OSD, sponsor) F. Schneider (Cornell) J. McLean (NRL) S. Forrest (UNM) G. Wagner (NSA) R. Meushaw (NSA) K. Jabbour (AFOSR) R. Rivest (MIT) D. Dean (DARPA) J. Mitchell (Stanford) J. Shamma (Georgia Tech) C. Landwehr (NSF) J. Manferdelli (MicrosoR) M. MarEn (U Penn) G. Holzmann (JPL) J. Chuang (UC Berkeley) R. Maxion (CMU) S. Savage (UCSD) P. Gallison (Harvard) 2

3 One View of the Problem Internet security problems are becoming more conspicuous with each passing day Online informaeon such as pornography and obsceniees are seriously harming the physical and mental health of minors. Criminal aceviees such as online fraud and ther are seriously harming public security. Computer viruses and hacker azacks are posing serious threats to the security of the operaeon of the Internet. Leaking of secrets via the Internet is posing serious threats to naeonal security and interests. : 关 April 29, 2010 On the development and management of the internet in our country hzp:// t _ shtm (or hric.org) 3

4 Is There a Science of Cyber Security Of course, but what sort of science? Stay tuned (but it s not going to look like relaevity) Cyber world is made by humans, as is the threat MathemaEcs will be important Will it solve the problem? Science doesn t solve problems, applying it might What problems? (definieons are key to progress) Desperate need to make research tools accessible Whose problem is this?

5 Funny Science Human adversaries AdapEve adversaries: clinical medicine, crops Analogies can be misleading; deterrence possible Can only manage the problem, never finish Human made world (mathemaecal essence) What is it about? (unpleasant surprises?) Define security? Good properees, bad properees, incomplete list

6 Issues Data and experiments The point of data is generalizability The peculiar nature of secrecy CivilizaEon vs the barbarians, the advantages: Take advantage of global knowledge Take advantage of computaeonal power

7 A few (two) recommendaeons Establish muleple cyber security base centers and projects within universiees and other research centers These programs should have a long Eme horizon and periodic reviews of accomplishments Apply the science, reduce it to pracece Review papers E.g., what problem does X not solve?

8 Good Things, e.g. Theory (clarify concepts and their relaeons) E.g., Impossibility theorems Model checking (viewed broadly) EffecEve bug finding in specificaeons at any level Machine learning (conenual adapeng)

9 Areas Where Science and Empirics Might Be Mutually Reinforcing Systems that present more uncertainty to azackers Can the defense adapt faster than azackers? (randomizaeon, virtualized rapid restart, heterogeneity) (Internal firewalls, war mode defenses) Building secure systems out of insecure components (muleple paths, audieng, checkpoints, virtualizaeon) Knowing the security state of a system by observaeon (external, embedded) (trivial: are you doing what you claim to be?) (tripwire and similar ways of looking separated in Eme or space) 9

10 New Technologies Bring New OpportuniEes New azacks, new defenses, new problems, grist for science Cell phones IP radios and ad hoc networks; WiFi access points Power meters and smart grid (not all problems are DoD problems) MulE core CPU architectures Cloud (whichever definieon you use) (new opportuniees for observaeon) Browsers and Web 2 Many nasty azacks and issues A kind of virtual machine that is sell malleable (standards based, moderate/separable backwards compaebility issues) Could apply knowledge and techniques too radical for lower layers [Akhawe, Barth, Lam et al 2010] 10