C4I Center





GMU C4I Center Seminar




Quantifying Systemic Dependencies Through Attack Surface Analysis

Dr. Eric Osterweil
Verisign Labs

Friday, April 26, 2013 at 1:00 PM

Nguyen Engineering building, Room 4705

ABSTRACT

To systematically address the increasing security threats of today's networked systems, one important step is to quantify the potential vulnerabilities a system may face. The concept of "attack surface" has emerged in recent years as a measure of such vulnerabilities. However, given the high degree of interdependency among networked systems, it remains an open challenge to systematically identify and quantify the attack surface of a given system.

In this work we use two real Internet systems, the X.509 CA verification system and DANE, a newly standardized alternative solution, as case studies to showcase a novel methodology that offers a repeatable way to systematically quantify their attack surface. We believe this work represents the first step towards systemically modeling dependencies of actual Internet-scale systems in order to formally quantify the often elusive notion of a system's attack surface.

BIO

Eric Osterweil is a Research Engineer on the Verisign Labs team. He received his Ph.D. from the Computer Science department of UCLA in 2010. He did his thesis work in the Internet Research Lab (IRL), where his advisor was Professor Lixia Zhang, and his dissertation topic was a new substrate for Internet-scale security systems called "Measurable Security."

Eric is an active member of the IETF and other research communities. In the IETF he participates in the evolution of protocols and systems such as DNS and DNSSEC. As part of his participation in the community, Eric has authored several utilities that have helped facilitate and evolve the DNSSEC deployment (including SecSpider, dnsfunnel, dnskey-grab, and Vantages).





Last updated: 06/09/2014