TOPICS OF DISCUSSION:
================================================================================================

If the focus is on cybersecurity in networks:
* Could data minimization be a way to collapse privacy and performance concerns with security concerns?
  * Jen's experience: companies prefer to have everything; performance is less of an issue than security.
  * An example of where this is interesting is in streaming algorithms.
  * Sketches: working with compact data structures out of interest in efficiency.
* If the project was developed differently:
  * If what was secured was not "the cyber" but certain values
    * If privacy and freedom of expression were among them
    * What would cybersecurity look like?
    * How would we guide cybersecurity research then?
* Distinction between characterization vs. design people
  * Network characterization people
    * Grounded in reality
    * Data driven
  * Design people
    * Design secure protocols
  * Very different in approach!
* Drawing parallels between the clean slate approach and game-changing technologies
  * Clean slate: backward compatibility as an excuse against intellectual creativity, an anti-intellectual project
  * Response: but they are so out of touch, the proposals are ungrounded
  * Clean slate needs to start with something: what assumptions are you not willing to relax?
  * Following a discussion at the White House: industry people and some others said, the security of the internet is so bad, and you have spent so much money and work on cybersecurity, why don't you just give us a new internet?
    * The question is: what is the trade-off for making the internet more secure?
    * There are cost/incentive barriers
    * Deployment issues: incremental: people look to see if others implemented something or not
    * The government can play a positive role: set examples, or through procurement
    * But this is all dirty slate!
  * We need to start with certain assumptions that we are not willing to relax. You can't have all the goodies and none of the baddies.
  * What values are we going to bring with us to the clean slate?
  * Test assumption 1: all devices come with a self-certifying identity registered with a global authority
    * If you don't want that, what happens to your solution space: which solutions fall off the table?
* What kind of attacks do we want, what do we want to do with attacks, what kind of attackers do we want?
  * Honeypots: how long do you want attackers to be there?
* Privacy red team?
  * We don't have a methodology at all, even if we wanted to do better
  * How do you even go about doing a good job?
  * Have a privacy red team attack our solutions
  * But then you run into all the problems of collaborations
    * FIA-NDN was successful because it had one person with a clear vision
    * We are not good at designing by committee
    * Culturally difficult; collaboration is a difficult thing
    * How do we go about it?

PEOPLE TO INVITE:
================================================================================================

Chat with:
* Christopher Yoo
* Fred Schneider
  * Cannot on 12-14
  * Can on the week of the 16th
* Jen Rexford:
  * Cannot on the 12th
  * 14, 18, 20 are ok dates
  * 19th is a faculty meeting which Nick will have to go to, too

Measurement oriented security:
* Vern Paxson
* Stefan Savage - UCSD
* Other people doing measurements: (could this be seen as positive/affirmative cybersecurity research, is it also
  * Phillipa Gill -> understanding censorship products
  * Becker Polverini -> Great Firewall of China before and after the Olympics
  * Jedidiah Crandall
  * Roger Dingledine
* How about the UPenn people: what exactly are they working on (cybersecurity and differential privacy)?
  * Aaron Roth would be a name there
* Lalitha Sankar
* Vyas Sekar - CMU - middleboxes
* Sharon Goldberg
* David Clark
* Alex Halderman
* Stephanie Forrest - UNM, computer security, bioengineered stuff and awareness of internet governance issues
* Avi Rubin - Hopkins, firewalls
* Rebecca Wright - discrete math, Rutgers
* Joan Feigenbaum
* Mutu, also at Rutgers

Notes of Meeting with Jen Rexford (amazing meeting)
================================================================================================

* Niksun Company -> Walter Willinger (also teaching a course this year on cybersecurity)

Notes from Walter Willinger's slides:

Terminology:
* Dwell time: the objective is to reduce dwell time and to identify the damage done. It is about being able to account for the damage.

The attacker model:
* The life-cycle of the attacker is often described through the "intrusion kill chain":
  * reconnaissance -> weaponization -> delivery -> exploitation -> installation -> command and control -> actions on objectives
* This contrasts with the attacker models used in encryption: a passive/active attacker defined based on information/observations as well as attacks, but typically not discussed in an elaborate life-cycle like the attacker in the "intrusion kill chain".

Signs of APT activities:
* increase in elevated log-ons
* finding widespread backdoor trojans
* unexpected information flows
* focused spear-phishing campaigns against a company's employees

* One of the main problems that, proponents say, using machine learning for cybersecurity addresses is to decrease what we don't know (!)
  * Objective: reduce median dwell time
  * How: collect all the data necessary to check for the wide range of different signs of APT activities
  * Bottom line: the more data, the better we can identify and stop APT!
  * More arguments: without the complete traffic, (after the fact) intrusion reconstruction, network forensics, and/or real-time attack detection are in general impossible to perform

Do we assume a strategic attacker? The gaming technologies propose using behavioral analysis to identify malicious/abnormal behavior, deception to attract attackers, and obfuscation to make their lives harder. What are the assumptions about the attacker's skill set: could they not employ adversarial algorithms, obfuscation, and deception themselves?

Where do attacks come from?

According to Walter:
* Distill domain experts' understanding of different attack scenarios and try to describe attack-specific "behaviors" as "interesting communication patterns"
* Select queries/DSD algorithms that look for occurrences of such "interesting" patterns
* Use a combination of continuous queries (e.g., monitoring for changing trends/patterns) and one-time or ad-hoc queries (e.g., examining particular behavior or patterns)

The role of visualization:
* According to Walter:
  * Challenge: how to visualize, in our target setting and in real time, the effect of a chosen mitigation strategy (rule-of-action) in response to a detected attack (e.g., collateral damage).

### seda: this raises questions about how visualization becomes central to understanding/capturing attacks and mitigation methods. What are the limitations of visualization as a method of cybersecurity and population management?
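As an added example (not from the notes or from Walter Willinger's slides), the following Python sketch runs one continuous query and one ad-hoc query over constructed log events for two of the APT signs listed above, and estimates dwell time for the first alert. The event format, the thresholds and the baseline set of known flows are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the notes): (timestamp, kind, attributes).
# "logon" records the account and whether the log-on was elevated (admin);
# "flow" records source, destination and bytes moved.
EVENTS = [
    ("2024-03-01T09:30:00", "logon", {"user": "bob", "elevated": True}),
    ("2024-03-01T10:15:00", "flow", {"src": "10.0.0.5", "dst": "10.0.0.20", "bytes": 4_000}),
    ("2024-03-01T23:10:00", "logon", {"user": "svc-backup", "elevated": True}),
    ("2024-03-01T23:12:00", "logon", {"user": "bob", "elevated": True}),
    ("2024-03-01T23:20:00", "logon", {"user": "alice", "elevated": True}),
    ("2024-03-01T23:41:00", "flow", {"src": "10.0.0.5", "dst": "198.51.100.7", "bytes": 900_000_000}),
    ("2024-03-02T08:00:00", "logon", {"user": "alice", "elevated": False}),
]
# Assumed baseline of (src, dst) pairs that normally exchange data.
KNOWN_PAIRS = {("10.0.0.5", "10.0.0.20")}

def elevated_logon_windows(events, window=timedelta(hours=1), threshold=3):
    """Continuous query for the "increase in elevated log-ons" sign: slide a
    window over elevated log-ons and report every window start at which
    the count reaches the threshold, with the moment the alert fired."""
    times = sorted(datetime.fromisoformat(t) for t, kind, a in events
                   if kind == "logon" and a["elevated"])
    alerts = []
    for i, start in enumerate(times):
        in_window = [t for t in times[i:] if t - start < window]
        if len(in_window) >= threshold:
            alerts.append({"start": start, "fired_at": in_window[threshold - 1],
                           "count": len(in_window)})
    return alerts

def unexpected_flows(events, known_pairs, min_bytes=100_000_000):
    """Ad-hoc query for the "unexpected information flows" sign: flows between
    (src, dst) pairs outside the baseline that move at least min_bytes."""
    return [(t, a["src"], a["dst"], a["bytes"]) for t, kind, a in events
            if kind == "flow" and (a["src"], a["dst"]) not in known_pairs
            and a["bytes"] >= min_bytes]

def estimated_dwell(alerts):
    """Dwell time in the sense of the notes: how long the activity was present
    before it was identified, measured from the first event of the earliest
    alerting window to the moment that alert fired."""
    if not alerts:
        return None
    first = min(alerts, key=lambda a: a["start"])
    return first["fired_at"] - first["start"]

if __name__ == "__main__":
    alerts = elevated_logon_windows(EVENTS)
    print("elevated log-on alerts:", alerts)
    print("unexpected flows:", unexpected_flows(EVENTS, KNOWN_PAIRS))
    print("estimated dwell:", estimated_dwell(alerts))
```

On the constructed data the single daytime elevated log-on stays below the threshold, while the three late-night ones within one hour fire an alert; the large transfer to an unknown destination is the only flow reported.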