CEWIT Newsletter

Press Room







July 30, 2008 Amdex Strengthens Partnership with Stony Brook University's Computer Science Department and CEWIT

July 28, 2008 "LI companies struggle to fill high-tech jobs" as printed in Newsday

June 8, 2008 CEWIT Announces 2008 International Conference on Cutting Edge Wireless & IT

May 16, 2008 "Tech firms hard hit by talent gap" as printed in Long Island Business News

May 12, 2008 Frey Family Foundation Establishes $1.5M Endowed Chair In Quantitative Finance At Stony Brook University

April 30, 2008 "Technical Insights" as printed in Frost and Sullivan

March 22, 2008 "Creating future scientists and technologists" as printed in Long Island Business News

November 13, 2007"Stony Brook's Center of Excellence in Wireless & IT, CEWIT, Chooses Advisory Board Chairperson

September 7, 2007 "Stony Brook professor snags three NSF awards" as printed in Long Island Business News

Come to CEWIT's Commercialization Conference

August 3, 2007 "Stony Brook University is where the DigiGirlz are" as printed in Long Island Business News

August 2, 2007 "LI colleges fight terror" as printed in Newsday.com

July 31, 2007 "Stony Brook University wins federal defense grants" as printed in Newsday.com

July 27, 2007 "Feds support Stony Brook's cyber-security research" as printed in Long Island Business News

July 25, 2007 "High-tech experience at DigiGirlz camp" as printed in Newsday.com

July 13, 2007 Stony Brook Receives Cyber-Security Research Grant

June 12, 2007 Stony Brook Graduate Wins 2006 ACM Award

May 29, 2007 Stony Brook Places Third in Baja SAE

April 27, 2007
Business, education leaders form tech-ed strategy

April 20, 2007
Microsoft, Stony Brook Unite for 'DigiGirlz' tech camp

March 8, 2007
CEWIT Receives $16 Mil Tech Donation From ZMD America, Inc.

March 2, 2007
LI Needs Tech Jobs

February 19, 2007
CEWIT Launches Immersive Virtual Environment Lab

February 19, 2007
CEWIT Chosen to Host Microsoft DigiGirlz Summer Camp

February 15, 2007
CEWIT Enters Into R&D Relationship With Cisco Systems

February 8, 2007
UGS Software Grant








>home/research/

Security

Design Techniques for Repairable Data Systems 
PI: Tzi-cker Chiueh 

A successful cyber-attack may render the service of the victim computer system unavailable for a period of time, owing to post-intrusion repair of the damage left by the attacker, or the direct outcome of the attack, e.g., denial of service attacks. Although a computer break-in could lead to a variety of losses, studies have shown that the most expensive line item among them is always the productivity or revenue loss due to the down time of mission-critical information systems. The cost structure of the loss from computer security breach suggests that the goal of a computer security system design should be to maximize the system availability, which is typically defined as MTTB/ (MTTB + MTTR), where MTTB and MTTR refer to mean time between consecutive security breaches and mean time to repair an intrusion damage, respectively. To make the availability metric as close to 1 as possible, one could either maximize the MTTB by hardening the system's security defense mechanisms, or minimize the MTTR by shortening the time to restore the system back to normal operating mode in case it is compromised. As most security research has in the past been invested in increasing the MTTB, it has become more and more expensive to make any substantial improvement over the MTTB. On the other hand, research on system design techniques to reduce the MTTR has been few and far in between. The goal of this proposal is to develop efficient design techniques to maximize the availability metric of data systems by reducing their MTTR after an intrusion is detected. We use the term "repairable data systems" to refer to the types of data systems that can significantly improve the speed and accuracy at which to repair damages caused by either malicious intrusion or honest human mistakes. To verify the effectiveness and generality of these techniques, they will be applied to a relational database server and a network file server, each on two different platforms, Linux and Microsoft Windows OS. Comprehensive performance experiments and measurements on the resulting prototypes will provide important and valuable insights into their implementation complexity and effectiveness in reducing the post-intrusion repair time, and potentially open up a new sub-area in computer security system research. (NSF)

Federal Cyber Service: Scholarship for Service
PIs: R. Sekar, Tzi-cker Chiueh, I.V. Ramakrishnan, Scott Stoller, Erez Zadok

This project has established a scholarship program to attract and retain graduate and undergraduate students who exhibit potential to become information assurance professionals. These students are provided intensive training in this field. Towards that, the project PIs have developed a carefully orchestrated combination of courses, hands-on practice, and research in information assurance that builds on the solid foundation of our highly recognized activities in cybersecurity, formal methods, programming languages, experimental systems, and databases. Students selected to this program participate in hands-on summer internships at federal agencies and become valuable members of the federal workforce after graduation.  (NSF)

A New Approach for Securing Systems Using Automated Adaptive Intrusion Response
PI: R. Sekar

Previous work in defending against hacker attacks have been focussed mainly on attack detection. Once an attack is detected, a system administrator is alerted so that he/she can decide on an appropriate course of action to respond to the attack. This reliance on manual effort has two drawbacks. First, it is too slow. A large fraction of today's attacks are automated, and are carried out by worms or networks of machines that have been previously compromised (and are now controlled) by an attacker. As a result, significant damage can occur before an appropriate response is launched. Recovery from such damage is labor-intensive and time-consuming, and will render the target system unavailable for hours if not days. Second, human capacity to generate responses is typically limited to simple actions such as stopping a compromised server or disconnecting the victim system from the network. Clearly, such responses can be too drastic and deny services to legitimate users. To overcome these problems, we develop several novel techniques in this project for automatic generation of responses to attacks. This approach can respond successfully against automated attacks. Moreover, sophisticated responses can be launched, including that of letting suspected processes to continue execution, while the rest of the system is shielded from its effect. Such an approach avoids damage due to a compromised application, yet it does not deny access to users.  (NSF) 

Model-Carrying Code: A New Approach for Mobile Code Security
PI: R. Sekar

A new approach to ensuring the security of mobile code is developed in this project. Mobile code has become an integral part of the Internet. It appears in many forms, such as ``active pages'' (e.g., pages with Java, Javascript, VBScript, or ActiveX content), content that invokes plug-ins or helper applications (e.g., Word, Excel, Postscript and Powerpoint documents or email attachments), and software that is explicitly downloaded from a freeware or commercial site. Since mobile code gets executed with the privileges of the user who downloaded the code, the risk of damage due to malicious or faulty mobile code is very high.  The approach to mobile-code security proposed here is called model-carrying code (MCC) and it enables a mobile-code consumer to understand and formally reason about what a piece of mobile code can do; check if the actions of the code are compatible with his/her security policies; and, if so, execute the code. The compatibility-checking process is automated, but if there are conflicts, consumers have the opportunity to refine their policies, taking into account the functionality provided by the mobile code. Finally, when the code is executed, the MCC framework uses advanced runtime-monitoring techniques to ensure that the code does not violate the consumer's (refined) policies.  (ONR) 

 

A Plan for Developing a Multi-University Industry/University Collaborative Research Center on Cyber Security
PIs: R. Sekar, T. Chiueh, I.V. Ramakrishnan, Radu Sion, Scott Stoller

Networked information systems are playing increasingly important roles in critical infrastructures that support commerce, banking, telecommunication, and national security. The grave threat posed by the rising trend in cyber-attacks has been widely recognized. The 1998 Presidential Directive on Critical Infrastructure Protection highlighted the need for public-private partnership to tackle this threat. New research programs, such as NSF's Cyber-Trust program, have been launched to promote fundamental research that addresses this problem. However, what has been lacking is a significant investment in industry-academia partnerships to tackle applied problems in cyber-security that can lead to deployable solutions. In the absence of such investment, research in academia has not substantially impacted the practice of cyber-security.  To address this problem, we plan to establish an Industry/ University Collaborative Research Center (I/UCRC) on Cyber Protection at Stony Brook, in collaboration with a few other leading institutions. This project is the first phase of Center development.  (NSF)

Model Checking for Detecting Computer System Vulnerabilities
PIs: C.R. Ramakrishnan, I.V. Ramakrishnan, S. Smolka, R. Sekar, and Scott Stoller

We developing a formal modeling framework for the modeling, simulation, and analysis of ad hoc wireless networks and their protocols, such as the Ad Hoc On-Demand Distance Vector (AODV) protocol. We model such protocols in the omega-calculus, a new modeling formalism for mobile ad hoc network protocols, which is a part of our ongoing research work. AODV is an on-demand routing protocol for mobile ad hoc wireless networks, and we model the behavior of a node running AODV in terms of its reaction to the events it may encounter. These are: receiving a data packet, route request, route reply, or route error. In the omega-calculus, nodes are modeled as agents and both broadcast and unicast inter-agent communication primitives are provided. An agent in the calculus is a process tagged with an interface. A process triggers the actions of an agent, and the interfaces of all the agents running in parallel represent the topology of the network formed by these agents. As such agent mobility is inherent in the calculus and need not be modeled explicitly. Rather, changes in the network topology due to agent mobility are captured in the calculus by corresponding changes to agent interfaces.  (NSF ITR)