Against the rising tide of virus writers, online burglars and missile-secret misappropriators, researchers at UC Davis are fighting to keep "computer security" from becoming an oxymoron.

In the UC Davis Computer Security Research Laboratory of the computer science department, Professor Matt Bishop specializes in identifying the holes in a system and plugging them. Professor Karl Levitt tries to give computers the ability to recognize an intrusion and stop it. Professor Phillip Rogaway wants to thwart the intruder by scrambling the information.

All three employ complex mathematical methods to define tenets of privacy and security and to construct the elaborate programs needed to give a computer system selective self-defense. Rogaway, a cryptographer, is the purest mathematician of the three; Bishop and Levitt mix the math with a large measure of hacker psychology.

Center of Academic Excellence

Their accomplishments are being noticed. On Tuesday, at a national conference on information security, the U.S. National Security Agency named UC Davis as one of seven new Centers of Academic Excellence in Information Assurance Education.

Recently, Bishop sat fiddling with an array of monitors in the security lab. He was getting ready to help students test a system attack tool -- one of hundreds free for the taking from a public Internet site. He would break into one of his own computers and make note of the tool's entry strategy and activity inside -- its "exploits and signatures." Then the profile would be put into a database Bishop is building.

"This is a common form of attack called 'denial of service,'" Bishop said. "Its intent is simply to stop usual operations for a while" -- an interruption that could mean hours of frustration for a home computer user or losses of millions of dollars for an online retailer.

Bishop clicked a mouse and the assault began.
A screen that had been quietly displaying the logo of Microsoft Windows NT Server 4.0, a widely used networking program, suddenly went blank and turned sky-blue.

"Ah-ha!" chortled Bishop. Senior Bryan Cameron came to look over Bishop's shoulder. "Did you just kill that computer?" he asked. Bishop nodded. "Wow, I've never seen the NT Blue Screen of Death before," said Cameron. "This is exciting!"

Graduates like Cameron should find no shortage of work. National review panels say the nation's computer infrastructure -- including systems controlling power grids, air traffic, military weapons and financial networks -- is vulnerable. In the private sector, attacks from outside and inside are increasingly costly.

"No one is exempt from attack," says Biswanath Mukherjee, chair of the computer science department. "If you are connected to the Internet, your machine may be vulnerable. The way I pose the sort of problems we work on is, 'Do you care to know when an intruder is breaking into your computer and how to stop them?'"

Working in the UC Davis Computer Security Research Laboratory with Bishop, Rogaway and Levitt are Mukherjee; two new faculty members, Michael Gertz and Premkumar Devanbu; two permanent staff researchers, Jeff Rowe and Chris Wee; a staff administrator; and 13 graduate and five undergraduate students.

Understanding the attacker

Bishop teaches vulnerability analysis as a tactical struggle against conventional thinking. He has assigned undergraduate students in his security class to read Machiavelli and The Art of War by Sun Tzu.

"Understanding the attacker philosophy is fundamental to understanding computer security," Bishop says. "That philosophy is: Attack the power structure using its own tools in ways that it never expected."

Bishop wants to teach computer designers and programmers to make new systems more secure.
And he's writing a computer language that can describe attack tools and their distinguishing features; it could form the basis of an improved computer defense program.

Karl Levitt works in the fast-growing field of smart intrusion detectors. The programs, which constantly survey a system for attacks, are in great demand.

Cyberterrorist threat to national security

In February, an influential Washington think tank reported Pentagon estimates that fewer than 20 cyberterrorists around the world, funded with less than $10 million, could launch a coordinated attack on infrastructure computer systems that "could bring the U.S. to its knees."

Last year, a former employee was charged with planting a computer "time bomb" that deleted critical records at a New Jersey engineering firm, at a cost of $10 million in lost sales and contracts. In November, someone used a public-access computer at UC Davis to attack a Web site of Netscape Communications Corp. Two months ago, the Melissa e-mail virus threatened to overload information systems around the world. Last week, national security experts said they had easily broken into vital NASA computers.

One tactic of intrusion detectors, called "signature detection," compares the code in an incoming packet to a library of known attacks, like Bishop's database. Another tactic, "anomaly detection," watches for computing activity that's inconsistent with the profile of an authorized user, such as an 8-to-5 worker sending e-mail at 3 a.m. or a human resources employee searching for files named "Missile."

But the current detectors can only recognize known attacks and record suspicious events for later review. "We're trying to build programs that can recognize known or unknown intrusions and report where damage is occurring, where the attack came from and whether it is spreading," Levitt says. The programs could even sever the connection or divert the intruder into a fabricated region of the system, called a fishbowl, for observation.
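
The two detection tactics described above, run over constructed events (an added example, not code from the article or from the UC Davis lab; the signature patterns, the `hr_clerk` profile and all function names are assumptions). The last event shows the limit the article notes: a known pattern with one byte changed matches no signature.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed signature library (placeholder byte patterns, not real attack signatures).
SIGNATURES = {"example-dos-tool": b"FLOOD\x00\xff", "example-probe": b"PROBE/1.0"}

@dataclass(frozen=True)
class Profile:
    work_hours: range        # hours of the day the user is normally active
    usual_terms: frozenset   # words that normally appear in the user's file searches

# Constructed profile for a hypothetical 8-to-5 human resources user.
PROFILES = {"hr_clerk": Profile(range(8, 17), frozenset({"payroll", "benefits", "resume"}))}

def signature_alerts(payload: bytes) -> list:
    """Signature detection: report every known pattern found in the payload."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in payload)

def anomaly_alerts(user: str, when: datetime, action: str, detail: str) -> list:
    """Anomaly detection: report behaviour that falls outside the user's profile."""
    profile = PROFILES.get(user)
    if profile is None:
        return ["no-profile"]
    alerts = []
    if when.hour not in profile.work_hours:
        alerts.append("off-hours:" + action)
    if action == "file_search":
        unusual = {word.lower() for word in detail.split()} - profile.usual_terms
        alerts.extend("unusual-term:" + word for word in sorted(unusual))
    return alerts

def inspect(event: dict) -> list:
    """Run both detectors over one event and merge their alerts."""
    return signature_alerts(event.get("payload", b"")) + anomaly_alerts(
        event["user"], event["when"], event["action"], event.get("detail", ""))

# Constructed sample events; the last one is the probe payload with one byte changed.
EVENTS = [
    {"user": "hr_clerk", "when": datetime(2024, 1, 15, 10), "action": "file_search", "detail": "payroll benefits"},
    {"user": "hr_clerk", "when": datetime(2024, 1, 15, 3), "action": "send_mail"},
    {"user": "hr_clerk", "when": datetime(2024, 1, 15, 11), "action": "file_search", "detail": "Missile"},
    {"user": "hr_clerk", "when": datetime(2024, 1, 15, 9), "action": "recv_packet", "payload": b"xxPROBE/1.0xx"},
    {"user": "hr_clerk", "when": datetime(2024, 1, 15, 9), "action": "recv_packet", "payload": b"xxPROBE/1.1xx"},
]

if __name__ == "__main__":
    for event in EVENTS:
        print(event["action"], event["when"].strftime("%H:%M"), "->", inspect(event) or "no alert")
```
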
Pioneering research

The UC Davis security group was the first to tackle such responsive detectors, Levitt says, and interest is high from government agencies, aircraft makers, semiconductor firms and banks. "For example, we're funded by the Department of Defense" -- where hackers try to break in 80 to 100 times daily. "The defense department is also concerned about information getting out. That's hard to stop when the users have legitimate access," Levitt says. The majority of the security laboratory's $1.3 million in external funding this year comes from the Department of Defense.

Phil Rogaway aims at protecting information not just when it's socked away in storage, but when it's making the trip from one user to another over the Internet, as in e-mail, automatic-teller bank deposits and online credit purchases.

Mathematical defenses

Rogaway is a cryptographer -- a scientist who makes or attacks mathematical gadgets for protecting communication. He uses a modern cryptographic approach called "provable security," in which a mechanism is trusted because of the belief in its underlying assumptions -- for instance, the belief that it takes a tremendous amount of computing time to factor certain very large numbers. If the assumption is true, then what is built on it is known to be good.

Last summer, the firm RSA Data Security announced that an AT&T research scientist had cracked part of its "Public Key Encryption Standard #1," which had become a de facto standard for digital communications. It would be replaced by a provable mechanism designed by Rogaway and a research colleague at UC San Diego, Mihir Bellare. Called optimal asymmetric encryption padding (OAEP), the new scheme is "very strong," Rogaway says. "We know this by virtue of having proofs that tell us so."

"Mihir and I, we're very happy. Our scheme is getting into the standards and our approach is catching on," Rogaway says.
"We've done what we wanted to do" -- that is, as Sun Tzu said, subdue the enemy without fighting.
Media Resources
Andy Fell, Research news (emphasis: biological and physical sciences, and engineering), 530-752-4533, ahfell@ucdavis.edu