Abstract

Organizations and enterprises are under constant attack and occasionally their computer systems are compromised by an adversary. For example, phishing and drive-by downloads attacks can be used to gain access into a network that is otherwise fortified. Enterprises following best practices, such as least-user privilege, can limit these attacks to a single user-level account and prevent a system-wide or kernel-level compromise. However, it can be challenging for an organization to manage even just a user-level compromise within an organization.

In this talk, we will discuss ways to improve computer network security by making it easier to understand an enterprise network's traffic and detect activity that may be due to malware or a network intrusion. Unlike traditional security systems, our approach uses software on enterprise computers to communicate contextual information, allowing an access control server to understand whether a given network request is the result of known, trusted software or the result of a new, untrusted application. The project is flexible, using software-defined networking hardware when available, and leveraging end-host agents when it is not, to get deeper insight into a network.

Bio

Dr. Craig Shue is an Assistant Professor in the Computer Science Department at the Worcester Polytechnic Institute. Prior to joining the WPI faculty, he was a Cyber Security Research Scientist at the Oak Ridge National Laboratory. He earned Ph.D. in Computer Science at Indiana University. His research interests are in networking, security, and systems.

http://www.ists.dartmouth.edu/events/abstract-shue.html