Anthony D. Joseph

UC Berkeley

SCRUB ISTC:Secure Computing

Research for Users’ Benefit

TRUST Autumn 2011 Conference

Insecurity is a tax on computing

Our lives, and our data, and our money, are increasingly flowing through our computers, our phones, …

However, technology isn’t always secure. 65% of Internet users have personally

experienced cybercrime Companies are concerned: 91% expressed

concern over exploits like those that hit Google 760 companies compromised through SecurID info theft

Security concerns slow adoption of technology

9

Malware-tolerant computing

Malware is a fact of life We cannot banish it. We must live with it We need technology for establishing security

amidst a sea of malware

Don’t want security problems to slow adoption of technology

Security touches many fields

Security

Systems

Architecture

Networking

UsabilityAlgorithms

Machine learning

1

SCRUB is a new Berkeley center focusing on security for user’s benefit Improve security for future technologies, at every layer of

the stack One of four Intel Science and Technology Centers

Model: industry funding (Intel) + collaboration 4 Intel researchers in residence on 7th floor Soda $2.5M/year in funding: 3 years + 2 year renewal option UCB PI: David Wagner. Intel PI: John Manferdelli. Associate Director: Anthony D. Joseph

Headquartered at Berkeley ($1.8M/yr) + CMU, Drexel, Duke, UIUC ($0.7M/yr)

New initiative: Security ISTC

Establish secure computing environment

via thin intermediation layer.

Make 3rd

party apps safe.

Enable one phone for both work and

personal use

Help administrators manage, monitor, and protect

their networks, information, & services.

Integrate security into network and system

architecture

SCRUB Research Agenda

Thin intermediation layer

Mobile security

Data-centric security

Security analytics

SC

RU

B

Security-centric networking

How do we make 3rd party apps safe?

How do we enable a rich, thriving marketplace?

Secure mobile phones

Robust, secure app stores Can we provide libraries/tools to developers to

make it easier to get security right than to get it wrong?

Understanding app behavior Can we automate parts of the app review process?

Secure phone platforms Can we improve the permission system? Ideally, it

would be usable yet still give users enough control The multi-use, multi-context device

Can we make the phone safe for personal use, without endangering corporate data or functionality?

Can we avoid carrying two phones, one for work and one for yourself, without losing security or privacy?

Example research challenges

Longer term, are app-centric mobile platforms a more effective model for securing the desktop?

Mobile Desktop?

?

Securing the desktop:

Thin intermediation layer

Hardware

Intermediation layer

OS

Web browser Banking appEmail

Thin

client

Data increasingly resides not only on end-user devices, but also on servers, cloud, …

Can we provide consistent protection for user data as it flows through a complex distributed system, no matter where it is stored?

Data-centric security

Proposal: Data-centric security. Attach security policies to data, and ensure they

stay bound together

Example: Data capsules, unsealable only within a secure execution environment e.g., secured with a TPM, information flow

tracking, …

Goal: A platform for secure computation, with privacy for user data

Data-centric security

How can the network architecture facilitate security?

What primitives should it provide to applications?

Network security

Monitoring network traffic… … at scale … with a view into application-level

semantics

Potential: Enable more sophisticated, semantic- aware analysis of network traffic, to detect and block attacks

Network security

Goal: robust security metrics and analyticsDeveloping tools combining machine learning

and program analysis to automatically extract features and build models

Improving users’ experiences by translating the reasoning behind security decisions into human understandable concepts

Designing robust algorithms and finding lower-bounds for techniques defending against adversarial manipulation

Security analytics

Adversarial Machine LearningIn real life, adversaries are Byzantine

In real life, adversaries are patient

They adapt behavior

Example goals:Avoid detection of attacksCause benign input to be classified as attacksLaunch a focused attackSearch a classifier to find blind-spots

Security analytics

Security Analytics and Metrics

Decision

Model

Biometrics

CollectorBiometrics

CollectorBiometrics

CollectorsAdversarial

Machine

LearningText

Analysis

Log

Analysis

Decision

Analysis

Code

Analysis

Metrics,

Alerts

We want to focus on security for all areas where users come in contact with technologyEnabling secure computing on malware-infected

computers Identifying primitives that hardware, networks,

OSs, … should provide, to best support securityDeveloping a better security paradigm for desktop

computers of the futureDesigning adversarial resistant algorithms for

measuring a system’s securityHelping users feel comfortable and safe with

computing and e-commerce

SCRUB Goals

SCRUB

Dawn Song David WagnerScott Shenker Doug Tygar

Vern PaxsonAnthony JosephDavid Culler Sylvia

Ratnasamy

Landon Cox Rachel

Greenstadt

Sam King Adrian Perrig

Ling Huang Vyas SekarPetros ManiatisJohn Manferdelli

Thrust areas

Secure mobile devices

Data-centric security

Secure thin intermediation layer

Security analytics

Security-centric network architectures