Sal Stolfo
Data Science
Cybersecurity's Superhero

On the surface, traffic lights, printers, cell phones, and routers that operate power grids don’t have much in common. But embedded into each of those is a small chip with programming that makes the device work the way it is supposed to and enables automatic updates. The combination of memory, program code, and data stored on the chip is called firmware and is considered as important as the operating system.

The problem is, firmware acts just like a general-purpose computer and is virtually unprotected from attack.

“The damage possible to our critical infrastructure highlights the importance of computer security,” explains Salvatore J. Stolfo, professor of computer science. “It is technically feasible to essentially disable the world’s communication infrastructure. What would modern life be like if the network connecting everything was disabled? We have built a very fragile infrastructure that everyone depends upon.”

In his quest to make the Internet safe, Stolfo first became enamored with security research and the creative, malicious nature of credit card transaction opportunists. “I learned years ago when studying credit card transaction fraud how clever adversaries could be and how difficult it can be to detect their activities,” he says. “It’s a rigorous challenge, and that’s what immediately hooked me.”

Allure Security developed scalable decoy technology to confound and confuse thieves while providing Data Loss Alerting.

To defend the technological systems that cyber criminals target, Stolfo leverages equal creativity and inventiveness. His Intrusion Detection System (IDS) lab, established in 1996 and sponsored by the Defense Advanced Research Projects Agency’s (DARPA’s) Cyber Panel program, pioneered the use of data analysis and machine learning techniques for the adaptive generation of novel sensors and anomaly detectors for advanced cyber defense. Most recently, work in his lab resulted in symbiote technology that thwarts and frustrates those targeting firmware. The solution, co-invented by Stolfo and his student Ang Cui, is easily interwoven into any firmware and operates alongside it to defend it from any unauthorized changes to the host firmware.

“I believe the symbiote technology represents a real achievement. We’ve raised the bar with this technology,” he says.

The symbiote is a general security solution for all embedded devices and can scale to very large numbers of devices, whether they are already deployed or being produced on a manufacturing line. It’s a solution that successfully protects firmware without interfering with the overall operating system and greatly frustrates would-be attackers.

“We essentially created a sequence of randomized symbiote-protected firmware images, each distinct from the prior generated firmware. This prevents a single malicious attack from succeeding for all the distinct devices. Worm propagation is disabled, and the attacker would have to study each device in order to figure out how to disable the defense,” he explains.

Computing Complexity
Joseph Traub

After his renowned career at the forefront of complex computation, and serving as founding chair of Columbia’s Department of Computer Science, it is perhaps surprising that, when Joseph Traub ’59GSAS first came to Columbia in 1954, he planned to study physics. But, at the Watson Scientific Computing Laboratory, he found nearly unparalleled access to computers and was hooked. As a Watson Fellow in Applied Mathematics, Traub’s doctoral thesis concerned computational quantum mechanics.

Joining the research division of Bell Labs, Traub, the Edwin Howard Armstrong Professor of Computer Science at the Engineering School, developed optimal iteration theory, exploring the minimal computational resources needed to solve nonlinear equations. On sabbatical at Stanford, with Michael Jenkins, he published the Jenkins-Traub algorithm for polynomial zeroes in 1970. In 1971 he became head of the Department of Computer Science at Carnegie Mellon and worked on algebraic complexity and further algorithms. With Henryk Wozniakowski, now a professor of computer science at Columbia Engineering, he pioneered information-based complexity, which explores optimal algorithms for continuous problems.

In 1979, Traub returned to Columbia to start the Department of Computer Science, when the School had just one computer. He built up the faculty, brought on young researchers, and forged partnerships with IBM and the Defense Advanced Research Projects Agency (DARPA). He led the fast-growing department to leadership in a field coming into its own and presided over construction of the Computer Science building, while serving as founding coeditor of the Journal of Complexity. He was elected to the National Academy of Engineering in 1985 and the next year founded the Computer Science and Telecommunications Board of the National Research Council.

In the 1990s, Traub collaborated with Spassimir Paskov ’94GSAS to demonstrate that, for real-world financial computation, quasi-Monte Carlo methods with quasi-random samples beat random Monte Carlo methods. He currently works on quantum computing with Anargyros Papageorgiou ’90GSAS.

That technology, which is already protecting Cisco routers, is being tested by the U.S. Air Force. Stolfo expects detailed performance reports from them later this fall.

“If they give the green light, I believe symbiotes will be widely deployed to protect our Department of Defense networks,” he says.

While symbiote technology is poised to make a splash as a new superhero in technology security, the world can thank Stolfo for plenty of other technological advances.

His earliest work on parallel computing for high-speed speech recognition resulted in the creation of the DADO large-scale parallel computer that powered the automated telephone operator speech recognition system. This research served as a model for deductive database systems research for years. His work has also informed the Intrusion Detection Systems industry and is deployed within the U.S. government for network defense.

“I am keen on decoy technology, active defense, and scalable deception,” he says. “I now see numerous organizations using these techniques to protect their sensitive data. I believe it will be a common defense across most large enterprises, very soon.”

As far-reaching as Stolfo’s Internet security solutions are, he knows that there are people who are just as nefariously looking for gaps in software and hardware. But he has some clever insight into how to foil those attempts as well.

“If we can organize layers of defense so the cost of an attacker bypassing each layer has multiplicative cost to the attacker, rather than linear cost as the state-of-the-art today,” he explains, “we will come a big step closer to making the Internet safe.”

While worry about cyber criminals doesn’t keep Stolfo up at night, a deep understanding of the consequences of a large-scale cyber attack drives him to stay one step ahead of those who would benefit from a global IT meltdown.

“Think about what it was like in lower Manhattan just after Hurricane Sandy, or in the Northeast during the 2003 blackout,” he cautions. “It doesn’t take much to push our society back into the Stone Age.”

—by Amy Biemiller