OTTAWA — Operators of a new security research lab at Carleton University are preparing to wage an unconventional war against malicious viruses and worms.
The lab, which was officially opened Monday, was described by its director as an autonomous Internet infrastructure designed to give graduate and undergraduate students the chance to see how the different components of a network interoperate. This could help teach them how each one can be exploited by a virus or worm launched by an outside hacker, said Paul Van Oorschot, the lab’s director and computer science professor.
“From the point of the attacker, they’re just trying to find one … chink in the armor to take advantage of,” he said. “And we have to understand all of them to ensure that all of the spots are protected against.”
In doing so, the lab’s researchers will depart from conventional forms of data security investigation and examine ways to better protect the actual software found within each network.
So far, much emphasis has been placed on encrypting data and installing the necessary virus scanners and firewalls, said Alec Main, chief technology officer of Cloakware. The Ottawa-based applications security company is one of the lab’s major sponsors.
“The problem is, the attacks aren’t on the data,” said Main. “Network security is a perimeter defence that tends to get bypassed. And once you get past the perimeter, all the riches are there waiting for you.”
The real challenge arises when software gets attacked – particularly the software that decides whether to grant network access to users.
“People are realizing that cryptography does a great job … at solving data security problems, but it’s clearly not stopping viruses and worms,” said Main. “So we need to look at the next step in security … which is software protection.”
For researchers, this means foraying into a realm of computer science that remains relatively untouched: computational complexity. While there has been work done in this area, it pales in comparison to the amount of work that has typically been done in mathematics and cryptography, said Main.
Van Oorschot emphasized the need for a new approach to beat hackers at their own game. Right now, those people who release such virulent bugs as the Blaster Worm are winning the war, he added.
That’s because “the current solutions aren’t good enough, and in order to come up with better ones you start by understanding the problem better,” he said.
“We need to understand better … the 25 to 50 types of worms and viruses that we’ve seen over the past 15 years, identify the common characteristics, and come up with a way of detecting them ahead of time,” said Van Oorschot, adding his lab will do just that.
Main is confident that the lab’s research will soon produce work that can be applied to the commercial world. Currently, Cloakware’s product line includes a tool to prevent piracy and intellectual theft.
“We’ve developed the technology, we’ve written the code, but you need to get the mathematicians to explore more fundamental issues,” he said. “(The lab) is providing some of the metrics for what we already have. And we’ll extend (our) technology into preventing viruses and worms. The studies and research they do will directly translate into new features in our product.”
Van Oorschot said the development of curriculum for courses in the lab will be done exclusively by Carleton’s computer science department.
“There’s no corporate stuff in the classroom. That being said, if I’m interacting with industry or reading research papers, and I learn something useful, then I’ll put it into my curriculum.”
Most of the lab’s research will be conducted by graduate students who are enrolled in courses on information systems security, he added.
The lab consists of 20 workstations, each running at 2.7 gigahertz, and 10 servers, each running at over 2 gigahertz. Most of the workstations have 80GB hard drives.
Van Oorschot vowed to immerse the lab in the long-term war against cyber-attacks.
“In security, it’s typically an arms race, and you need to have various techniques. As you put out stronger defences, the attackers come up with new attacks,” he said. “It is a long-term arms race, and we believe that as computational power increases we can use that to the advantage of the good guys and make it so hard to mount attacks so that it’s not worthwhile for the attackers.”
— Illustration by Jarrett Osborne