Title: Defending Software Systems from Cyber Attack Campaigns
Speaker: R. Sekar (Stony Brook University)
Details: Tue, 21 Jan, 2020 2:00 PM @ AM Turing Hall

Abstract: The Equifax breach of 2017 and the endless spate of ransomware campaigns in 2019 remind us of the increasing challenges we face in securing our network and software systems against highly skilled and resourceful adversaries. In this talk, I will describe two avenues of research we have been pursuing to help tilt the table against such powerful adversaries. The first is software hardening techniques that make software vulnerabilities harder to exploit. To maximize their applicability and ease of use, our techniques are implemented into compilers, or they directly transform binary code. I will outline some of the exciting new developments we have had in this area over the years, including randomization, memory safety, information-flow tracking, control-flow integrity, and code-pointer integrity. We complement this first line of defense with techniques for analyzing and understanding attack campaigns that manage to slip past all deployed defenses. Our techniques can sift through logs consisting of hundreds of millions of events to zoom in on attack activity that may span just a few hundred events. I will describe our experience in mapping out several DARPA-sponsored red team attack campaigns.

Bio: R. Sekar (http://www.cs.stonybrook.edu/~sekar/) is a SUNY Empire Innovation Professor and the Associate Chair of the Computer Science Department at Stony Brook University, where he directs the Secure Systems Lab. He received his Bachelor’s degree in Electrical Engineering from IIT, Madras (India), and his Ph.D. in Computer Science from Stony Brook. Sekar’s research interests are focused on software security, with specialization in attack detection, prevention, containment, response, and recovery; mobile and untrusted code security; malware; security policies and enforcement; anomaly detection; and vulnerability analysis. His research in these areas has been funded by several grants from AFOSR, DARPA, NSF and ONR, as well as the industry.

Sekar has supervised well over 100 students, including four postdoctoral and international visiting researchers, 18 Ph.D.s, and 80+ Master’s. Sekar has received SUNY Chancellor’s award for Excellence in Research, SUNY Research Foundation’s Research and Scholarship award, Best paper awards at USENIX Security and Annual Computer Security Applications Conferences and honorable mention for best paper at SACMAT, Catacasinos Fellowship for Computer Science at Stony Brook, and the Siemens prize for best undergraduate in Electrical Engineering at IIT, Madras.