Share
Blog
Cite
Print
Email
BookmarkScienceDaily (Sep. 22, 2004) — Somewhere between crime fighter and computer techie, you’ll find electrical and computer engineering professors David Lie and Ashvin Goel. But these two aren’t interested in fitting any moulds: they’re interested in the ever-evolving world of computer security.
See also:
“There’s a whole grey area out there,” said Goel, referring to the wild cyber-frontier of hackers and computer threats.
Lie agreed. “It’s a completely different world today than when computers first came out. You find them in places you wouldn’t normally expect them, like cars. [Security] is something that has to be addressed now.”
While their research is similar thematically, Lie and Goel approach the problem differently. Lie monitors the behaviour of hackers by setting up “honey pots,” computers that act as decoys to lure cyber-criminals into his lair. “Surprisingly, we found that none of them actually looked hard into the system,” Lie said. Instead, hackers used the honey pots to attack the next computer. “That told us that most of them aren’t professionals, they’re just experimenting and seeing how far they can get.”
These naive hackers also leave clues. Although they use IP (Internet protocol) addresses to bounce from machine to machine, hackers pick up languages used on interfaces along the way, leaving a trail of breadcrumbs that trace back to the point of origin.
“If you just look at the languages, a large majority of them are from eastern Europe, a whole bunch are from Romania and it seems like at least one Italian,” Lie said. “So this was actually a better identifier than anything electronic.”
But what to do once a system is invaded? That’s where Goel steps in. His goal is to simplify recovery from these intrusions. “Currently, security experts spend hours or days to fix the problem,” he said. “Ideally, what we want are systems administrators taking tens of minutes.” Typically, once a hacker strikes and wreaks havoc, computer experts revert to a snapshot of data stored the day before, erasing all the present day’s work. Goel wants to save new data and just pinpoint the intrusion. “Instead of doing what we call a complete undo, we want to do a selective undo of the intrusion.”
The first step, according to Goel, is logging all the data into a separate server that has no connection to the outside world. The data is then parcelled into subsets that facilitate analysis, determining exactly when and where the intrusion occurred.
Goel estimates that the technology to perform selective undos could be available in less than three months. His ultimate goal is to have a self-recovery system that automatically detects an intrusion and sets to work on fixing it. This technology, he admits, is a long way off.
As for the future of computer security, both Goel and Lie agree that experts have to be on guard for professional hackers intent of breaking into cyber vaults full of priceless information.
“If you put enough value in something, there are going to people with enough intelligence to break into it,” Lie said.
