Wednesday, November 9, 2011

GHC: PhD Forum 1: Hardware and Security

Intelligent Cache Management for Reducing Memory System Waste

Presenter: Samira M. Khan (University of Texas at San Antonio)

Caches are just not efficient, if there's a cache miss hundreds of extra cycles of delay are added. Processor performance is doubling every 18months, but memory performance is only doubling every 10 years! It just can't really keep up.

Most of microprocessor die are is cache, but they aren't efficient. Using the cache efficiently is important to improve performance and reduce power. The problem is dead blocks - not even getting used. Up to 86% of blocks in the cache are dead at any one time.

This is caused by the most recently used cache management policy, so many blocks just simply go unused. Khan's research was based around predicting which blocks were going to be dead and take advantage of them and changing the replacement policy, reducing power requirements of the system.

Usable Security and Privacy Policy Management

Presenter: Maritza L. Johnson (Columbia University)

Johnson's research is around access control and policy management. She started out with some real world examples, like how all of us are wearing Grace Hopper Conference badges, which grants us access this session.

Johnson's next slide was the Confidentiality, Integrity and Availability triangle, while she discussed the balance while talking about read write access to files, an every day problem in shared environments. To properly approach this, there needs to be a constant cycle of evaluation, analysis, and design. You can't just come up with a design and be unwilling to modify it, as needs and usage may change.

As users of Facebook, we're all access control managers, as well. Johnson and her colleagues did their research around facebook, as it's so open and available for studying.

A question the research sought to solve was Are users' Facebook privacy settings correct. This is hard to totally know what someone else's intent was, as each person has a different level of information they feel comfortable sharing.

The app they developed an application to look for potential violations between what the user intended and what they got. For example, if someone shared publicly "I'm at work. I'm just laying on these chairs until my boss..." ... should that really be public?

The research involved participants using an app that they told what type of information they wanted to share, and then it studied what happened over a period of time, and showed what it believed were violations of the policy to the users. Many of these were confirmed to be violations, yet, users still didn't want to change their privacy settings.

The ideal setting for most user is actually to just share with friends only.

Detecting Stealthy Malware Using Behavioral Features in Network Traffic

Presenter: Ting-Fang Yen (Carnegie Mellon University)

Yen started out with a great background in what a Botnet is: infected hosts with a subtle command & control system that are doing malicious activities. One single botnet has 3.6 million hosts - combined, they have more computing power than the top 500 supercomputers combined.

A botnet may have a centralized control, where all infected hosts get their commands from a central control computer, but many have peer-to-peer control.

Previous work in this area looked for a signature of a botnet to identify new infections. Similar work is done by mapping behaviour of a botnet.

Botnets are becoming more sophisticated, but our current techniques are just not keeping up.

Yen's research was around finding previously unknown bots. One way of doing this is using the research that shows that most hosts use a consistent amount of network traffic on a daily basis - if that traffic suddenly rises, or happens during odd hours, the host may be infected. Bots also use consistent payloads - so look for a lot of similar communication.

Peer-to-peer botnets tend to blend in, traffic wise, with other, normal peer-to-peer traffic. Research noticed, though, that timing of botnets packets are too regular - not being driven by a human.

This post syndicated from Thoughts on security, beer, theater and biking!