Improving System Security with Big Data Techniques

Tudor Dumitras - University of Maryland
Digital Security

Date: -
Location: Eurecom

The security and reliability of deployed, actively used systems are a moving target, influenced by factors that existing security models and metrics do not capture. For example, we do not know which vulnerabilities are ultimately exploited in the field, or for how long end-hosts remain susceptible to these exploits. My overall research goal is to address the questions of why computer systems fail or behave unpredictably, why they become unavailable to their users for extended periods of time, and why they fall victim to cyber attacks. In this talk, I will present our research on using Big Data techniques to understand how security fails in the field. First, I will describe the WINE analytics platform that I built during my time in industry, at Symantec Research Labs. WINE is available to academic researchers and allows them to conduct experiments at scale; it also provides access to security telemetry collected by Symantec on 11 million hosts worldwide and updated continuously. Second, I will explain how we used WINE to show that zero-day attacks, which exploit software vulnerabilities before their public disclosure, go undetected for 312 days on average. The duration of zero-day attacks had remained an open question for more than a decade, because these attacks are rare events that are unlikely to be observed in honeypots or in lab experiments. We also showed that, after disclosure, the volume of attacks exploiting these vulnerabilities increases by up to 5 orders of magnitude, and that the attacks continue for more than 4 years after disclosure. Finally, I will discuss our ongoing empirical research into various security problems, and the implications of this research for public policy and future security technologies.
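The quantities named in the abstract (how long an exploit circulates before public disclosure, how much attack volume changes afterwards, and how long attacks persist after disclosure) can all be derived from host telemetry once each detection has been labelled with the vulnerability it exploits. The following is an added example written for this page, not WINE or the speaker's analysis; it assumes a flat record format (host_id, date_seen, vuln_id) and a table of disclosure dates, both constructed here with hypothetical identifiers. It also assumes the retroactive labelling of historical detections has already been done, which in practice is the hard part of such a measurement: an exploit seen before disclosure can only be recognised as such once the vulnerability becomes known.

```python
"""Added example: measuring zero-day windows and post-disclosure attack volume
from labelled host telemetry. Illustrative code, not the WINE platform's own.
All identifiers and records below are constructed for the example."""
from datetime import date, timedelta
import math

# Constructed public disclosure dates (hypothetical vulnerability IDs).
DISCLOSURE = {
    "VULN-A": date(2012, 1, 1),
    "VULN-B": date(2012, 3, 10),
}


def _build_telemetry():
    """Constructed detections as (host_id, date_seen, vuln_id) tuples."""
    records = [
        ("h001", date(2011, 5, 15), "VULN-A"),   # seen well before disclosure
        ("h002", date(2011, 12, 10), "VULN-A"),  # two more hosts just before
        ("h003", date(2011, 12, 20), "VULN-A"),
        ("h004", date(2012, 4, 2), "VULN-B"),    # first seen only after disclosure
        ("h005", date(2012, 2, 1), "VULN-C"),    # no disclosure record at all
    ]
    # Constructed post-disclosure surge: 200 hosts hit in the 30 days after
    # VULN-A becomes public (dates spread over days 0..29).
    for i in range(200):
        day = date(2012, 1, 1) + timedelta(days=i % 30)
        records.append((f"h{100 + i:03d}", day, "VULN-A"))
    return records


TELEMETRY = _build_telemetry()


def first_seen(telemetry):
    """Earliest date on which each vuln_id's exploit was observed on any host."""
    seen = {}
    for _host, day, vuln in telemetry:
        if vuln not in seen or day < seen[vuln]:
            seen[vuln] = day
    return seen


def zero_day_windows(telemetry, disclosure):
    """Days between first field observation and public disclosure.

    Only exploits first seen strictly before disclosure count as zero-days;
    exploits first seen on or after disclosure, or with no known disclosure
    date, are omitted rather than reported as a zero-length window.
    """
    windows = {}
    for vuln, first in first_seen(telemetry).items():
        disclosed = disclosure.get(vuln)
        if disclosed is not None and first < disclosed:
            windows[vuln] = (disclosed - first).days
    return windows


def volume_change_orders(telemetry, disclosure, vuln, window_days=30):
    """Orders of magnitude (log10 ratio) by which detections of `vuln` grow
    in the `window_days` after disclosure versus the same span before it.
    Returns None when there were no detections before disclosure, since the
    ratio is undefined rather than infinite in any meaningful sense."""
    disclosed = disclosure[vuln]
    start = disclosed - timedelta(days=window_days)
    end = disclosed + timedelta(days=window_days)
    before = sum(1 for _h, d, v in telemetry if v == vuln and start <= d < disclosed)
    after = sum(1 for _h, d, v in telemetry if v == vuln and disclosed <= d < end)
    if before == 0:
        return None
    return math.log10(after / before)


def post_disclosure_lifetime_days(telemetry, disclosure, vuln):
    """Days from disclosure to the last observed detection of `vuln`."""
    last = max(d for _h, d, v in telemetry if v == vuln)
    return (last - disclosure[vuln]).days


if __name__ == "__main__":
    for vuln, days in sorted(zero_day_windows(TELEMETRY, DISCLOSURE).items()):
        print(f"{vuln}: exploited {days} days before disclosure")
    for vuln in sorted(DISCLOSURE):
        print(f"{vuln}: volume change {volume_change_orders(TELEMETRY, DISCLOSURE, vuln)} "
              f"orders, still seen {post_disclosure_lifetime_days(TELEMETRY, DISCLOSURE, vuln)} "
              f"days after disclosure")
```

On the constructed data, VULN-A is a zero-day with a 231-day window and a hundredfold (2.0 orders of magnitude) increase in detections after disclosure, VULN-B is not a zero-day because its first detection postdates disclosure, and VULN-C cannot be classified at all without a disclosure date. The choice of `window_days` and the decision to omit rather than zero-fill unclassifiable cases are the kind of analysis parameters that change results on real telemetry, so they are worth stating explicitly.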