- From: Giuseppe Bianchi <
>
- To:
,
,
- Subject: Talk su network security ed hacking
- Date: Tue, 05 Feb 2013 12:29:37 +0100
Ho sentito parlare questo ragazzo in una conferenza lo scorso anno, e
l'ho immediatamente invitato!! Lui si occupa di un tema di ricerca
decisamente non usuale ma veramente affascinante: "economia del
malware"; per esempio lo scorso anno ci aveva raccontato di modelli
economici che stanno emergendo nel mondo delle botnet, e quest'anno vedo
dall'abstract di cui sotto che e' andato ulteriormente avanti. Ed e'
molto bravo, vale la pena sentirlo! Dettagli a seguire, il seminario e'
lunedi' prossimo primo pomeriggio. Cari saluti, GB
----
February 11th 2013
Department of Electronic Engineering
“Tor Vergata” University
Via del Politecnico, 1 - Roma
Meeting room R3 - 14:30 – 16:00
Luca Allodi
Talk : Exploitation in the wild: what hackers really do, and what we
should worry about.
Abstract:
Vulnerability exploitation is a major threat to software and system
security. The current model for the attacker, basically unmodified since
the ‘70s, is well synthetized in Bruce Schneier’s famous quote “security
is only as strong as the weakest link”. In other words, if a
vulnerability is there the defender needs to fix it because, sooner or
later, the very powerful attacker will exploit it. From this “vision of
security”, metrics for vulnerability risk (CVSS score) and guidelines
and policies for vulnerability remediation (U.S. Government SCAP
Protocol) emerged. Most research in IT security also relies on these
assumptions. However, this model seems in contrast with recent
observations of attacks in the wild, according to which automatically
generated attacks represent two thirds of the threats for the final user
[Google 2011, Symantec 2011]. To better understand this scenario we
performed three parallel studies:
1) We analyzed the Black Markets for vulnerabilities and extracted
information on market properties, traded attack automation tools (namely
Exploit Kits) and vulnerabilities.
2) We collected and analyzed data on vulnerabilities actually exploited
in the wild from Symantec’s sensors worldwide.
3) We tested the CVSS score as a “risk test for exploitation”, as
current guidelines (such as the U.S. SCAP protocol) suggest using it.
Our results evidence that current approaches to computer security may be
deeply affected and misled by unrealistic assumptions on vulnerabilities
and exploits, vulnerability measures and attacker capabilities. As a
consequence, current policies and guidelines relying on the worldwide
accepted CVSS score could be widely sub-optimal. We underline that a new
approach to computer security may be needed in order to enhance risk
metrics, and therefore to allow for better policies, better investments
and a better management of security.
[Google 2011] M. Rajab, L. Ballard, N. Jagpal, P. Mavrommatis, D.
Nojiri, N. Provos, and L. Schmidt. Trends in circumventing web-malware
detection. Technical report, Google, 2011.
[Symantec 2011] Symantec. Analysis of Malicious Web Activity bya ttack
Toolkits. Symantec, Available on the web at
http://www.symantec.com/threatreport/topic.jsp?
id=threat activity
trends&aid=analysis of malicious web activity, online edition, 2011.
Accessed on June 1012.
Speaker short bio:
Luca Allodi received his Master Degree in Information Security from the
University of Milan in 2011. Back in 2005, during the last years of high
school he was co-founder and CEO of Area-Software, a start-up for web
development and IT consultancy in Brescia, his hometown. The experience
with Area-Software continued for more than six years, until his
enrollment as a Ph.D. student at the University of Trento, where Luca is
currently located. His interest for research dates back to the time of
his bachelor thesis in Milan, where he worked on social network dynamics
and information exchange and integrity. This work resulted in two
research papers and seeded so far three more Master degree theses at the
University of Milan, one of which he co-supervised. During his Ph.D.,
his research interests moved to the economics of vulnerability
exploitation and how these could be used as a proxy for risk measurement
and assessment. He is part of the research group UNITN at FP7 European
project SECONOMICS.
- Talk su network security ed hacking, Giuseppe Bianchi
Archivio con motore MhonArc 2.6.16.