UBC Reports | Vol.
51 | No. 3 |
Mar. 3, 2005
Defence in Depth
UBC’s new head of computer science talks about the
battle for your computer
By Brenda Austin
The profile of a virus writer or hacker is young, male, intelligent
and equipped with the one luxury people in full-time employment
never have -- time. He uses that time to reverse engineer
software and zero in on the inevitable vulnerabilities.
Lining up against the hackers are researchers like William
Aiello, the newly appointed head of the UBC Department of
Computer Science. He focuses on new ways to increase computer
security from the three most common large-scale threats: viruses,
worms and denial-of-service attacks.
Aiello holds a PhD in applied mathematics from the Massachusetts
Institute of Technology and comes to UBC from AT&T Research
Labs in New Jersey, where he was the Director of Network Security
Research.
“It is the initial engineering of the computers with
areas of weakness, and the manufacturers’ focus on features
and functions instead of invulnerability, which provide the
virus writer his opportunities,” says Aiello.
That is one piece of the puzzle. The other is the fact that
many people share the same type of software so there is a
monoculture in which viruses and worms spread rapidly.
“When someone unleashes a piece of code -- which is
what every virus is -- this causes a domino effect which might
begin with an overload of network traffic and end in widespread
denial of network service. This becomes a huge issue, wreaking
havoc,” says Aiello. In one aspect of Aiello’s
research, he grapples with how to defend against these large-scale
attacks.
But, to develop software secure against every conceivable
attack is not possible. Threats emerge on various fronts,
not only from the virus writer but from hackers who can break
into computers one by one, and spammers who drop a piece of
software into a single computer system that then hosts a larger-scale
attack.
“If you want to secure a complicated network you have
to seek solutions from many different areas, not just the
software. You may see something that went wrong on a large
network, but finding the root cause can be very difficult,”
says Aiello.
This leads Aiello into his main area of interest called
“defence in depth” -- the management of complexity
that evolves from cryptography research, system security,
and traffic analysis.
Cryptography has been around in some form or other as long
as humans have. Current cryptography research centres on the
use of codes and limiting access to authorized persons.
The second area, system security, focuses on how different
applications in a computer interact via the rules each computer
uses. Firewalls and routing devices are two familiar examples.
The final area is traffic analysis, monitoring the system
to spot abnormal activity. Akin to the canary in the coal
mining era, the monitor prevents damage escalating, but in
the case of computers, also analyses the root cause.
Given the propensity for damage and the inherent opportunities,
how big is the criminal element researchers battle? This is
not an area Aiello focuses on, but he says there is a complex
underground economy among hackers, spammers and organized
crime where the currencies of the realm are access to hacked
machine, attack tips, bragging rights and money.
So, what’s the mindset of a hacker? Aiello recalls
an extremely bright colleague whose mind worked in a way he
believes the minds of hackers must work. His colleague was
able to make connections between areas of computer vulnerability
in a way that made everyone glad he was legitimately employed
on “their” side.
“The good news is we’ve made progress in our
defences and as science progresses we can turn more mathematical
theories into engineering artifacts,” Aiello says.
“Computer science cuts across many disciplines such
as mathematics, engineering, commerce and general sciences,”
Aiello adds. “Luckily, one of the department’s
strengths is interdisciplinary research, and my hope is we
not only provide the computer tools and network security,
but the intellectual concepts as well in a way that enables
us to continue to grow as an intellectual leader within the
university community.”
Department Gains New Facilities
Newly arrived from AT&T Research Labs in New Jersey,
Computer Science department head William Aiello has assumed
leadership of 55 faculty members, 185 graduate students, approximately
900 undergraduates and 40 staff.
Known for its focus on interdisciplinary programs and research
strength in areas such as computational intelligence and graphics,
the department has welcomed the addition of new lecture and
classroom space at the recently completed Dempster Pavilion.
A second facility to be shared with the Institute for Computing,
Information and Cognitive Systems (ICICS) and named the ICICS/CS
building, will provide additional administrative and lab space
and strengthen ties among researchers in areas ranging from
engineering and computing to psychology and medicine.
In the past two years, the department’s top programming
team has captured first place at the International Collegiate
Programming Contest (Pacific Northwest Division), beating
traditional powerhouse teams from Stanford and Berkeley and
is headed to Shanghai in April to compete in the World Finals.
|