On the surface, traffic lights, printers, cell phones, and the routers that run power grids don’t have much in common. But embedded in each of them is a small chip whose programming makes the device work the way it is supposed to and enables automatic updates. The combination of memory, program code, and data stored on that chip is called firmware, and it is considered as important as the operating system.
The problem is that firmware behaves just like a general-purpose computer, yet it is virtually unprotected from attack.
“The damage possible to our critical infrastructure highlights the importance of computer security,” explains Salvatore J. Stolfo, professor of computer science. “It is technically feasible to essentially disable the world’s communication infrastructure. What would modern life be like if the network connecting everything was disabled? We have built a very fragile infrastructure that everyone depends upon.”
In his quest to make the Internet safe, Stolfo first became enamored with security research and the creative, malicious nature of credit card transaction opportunists. “I learned years ago when studying credit card transaction fraud how clever adversaries could be and how difficult it can be to detect their activities,” he says. “It’s a rigorous challenge, and that’s what immediately hooked me.”
To defend the technological systems that cyber criminals target, Stolfo leverages equal creativity and inventiveness. His Intrusion Detection System (IDS) lab, established in 1996 and sponsored by the Defense Advanced Research Projects Agency’s (DARPA’s) Cyber Panel program, pioneered the use of data analysis and machine learning techniques for the adaptive generation of novel sensors and anomaly detectors for advanced cyber defense. Most recently, work in his lab resulted in symbiote technology that thwarts and frustrates those targeting firmware. The solution, co-invented by Stolfo and his student Ang Cui, is easily interwoven into any firmware and operates alongside it to defend it from any unauthorized changes to the host firmware.
“I believe the symbiote technology represents a real achievement. We’ve raised the bar with this technology,” he says.
The symbiote is a general security solution for all embedded devices and can scale to very large numbers of devices, whether they are already deployed or being produced on a manufacturing line. It’s a solution that successfully protects firmware without interfering with the overall operating system and greatly frustrates would-be attackers.
“We essentially created a sequence of randomized symbiote-protected firmware images, each distinct from the prior generated firmware. This prevents a single malicious attack from succeeding for all the distinct devices. Worm propagation is disabled, and the attacker would have to study each device in order to figure out how to disable the defense,” he explains.
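The article does not describe how the symbiote is built, so the following is an added toy model (not Stolfo and Cui’s code) of the two properties it describes: a monitor that runs beside the host firmware and flags any change to a protected region, and a per-image random seed so that each generated image checks against a different value. The firmware bytes, the seed values and the seeded FNV-1a checksum are all constructed for the example; a real monitor would use a keyed MAC and would also have to protect its own code and expected values.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for a region of host firmware code that must never change. */
#define REGION_LEN 16
uint8_t firmware_region[REGION_LEN] = {
    0xE5, 0x9F, 0x10, 0x08, 0xE1, 0x2F, 0xFF, 0x1E,
    0x00, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1
};

/* Seeded FNV-1a checksum: a toy stand-in for the keyed MAC a real monitor would use.
 * Different seeds always yield different values for the same bytes, because the
 * multiply-by-odd step is a bijection modulo 2^64. */
uint64_t keyed_checksum(const uint8_t *region, size_t len, uint64_t seed)
{
    uint64_t h = 0xcbf29ce484222325ULL ^ seed;
    for (size_t i = 0; i < len; i++) {
        h ^= region[i]; h *= 0x100000001b3ULL;
    }
    return h;
}

/* seed is drawn fresh for every generated image; expected is the pristine checksum under it. */
typedef struct { uint64_t seed, expected; } symbiote_t;

/* Image-generation time: bind the monitor to this particular image. */
void symbiote_install(symbiote_t *s, const uint8_t *region, size_t len, uint64_t seed)
{
    s->seed = seed;
    s->expected = keyed_checksum(region, len, seed);
}

/* Runtime: called periodically beside the host code; returns 1 if intact, 0 if modified. */
int symbiote_check(const symbiote_t *s, const uint8_t *region, size_t len)
{
    return keyed_checksum(region, len, s->seed) == s->expected;
}

/* Flip one byte of the region and report whether the monitor catches it (1 = caught). */
int demo_detects_tampering(uint64_t seed)
{
    symbiote_t s;
    symbiote_install(&s, firmware_region, REGION_LEN, seed);
    int before = symbiote_check(&s, firmware_region, REGION_LEN);
    firmware_region[5] ^= 0x01;   /* simulated unauthorized change to the host firmware */
    int during = symbiote_check(&s, firmware_region, REGION_LEN);
    firmware_region[5] ^= 0x01;   /* restore the original byte */
    return before == 1 && during == 0;
}
```

Installing the same monitor twice with different seeds gives two images whose expected values differ, which is the per-device diversity the quote above refers to.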
That technology, which is already protecting Cisco routers, is being tested by the U.S. Air Force. Stolfo expects detailed performance reports from them later this fall.
“If they give the green light, I believe symbiotes will be widely deployed to protect our Department of Defense networks,” he says.
While symbiote technology is poised to make a splash as a new superhero in technology security, the world can thank Stolfo for plenty of other technological advances.
His earliest work on parallel computing for high-speed speech recognition resulted in the creation of the DADO large-scale parallel computer, which powered an automated telephone-operator speech recognition system. That research served as a model for deductive database systems research for years. His work has also informed the Intrusion Detection Systems industry and is deployed within the U.S. government for network defense.
“I am keen on decoy technology, active defense, and scalable deception,” he says. “I now see numerous organizations using these techniques to protect their sensitive data. I believe it will be a common defense across most large enterprises, very soon.”
As far-reaching as Stolfo’s Internet security solutions are, he knows that there are people who are just as inventively, and far more nefariously, searching for gaps in software and hardware. But he also has some clever insight into how to foil those attempts.
“If we can organize layers of defense so the cost of an attacker bypassing each layer has multiplicative cost to the attacker, rather than linear cost as the state-of-the-art today,” he explains, “we will come a big step closer to making the Internet safe.”
While worry about cyber criminals doesn’t keep Stolfo up at night, a deep understanding of the consequences of a large-scale cyber attack drives him to stay one step ahead of those who would benefit from a global IT meltdown.
“Think about what it was like in lower Manhattan just after Hurricane Sandy, or in the Northeast during the 2003 blackout,” he cautions. “It doesn’t take much to push our society back into the Stone Age.”
—by Amy Biemiller