Talk su network security ed hacking


Cronologico Percorso di conversazione 
  • From: Giuseppe Bianchi < >
  • To: , ,
  • Subject: Talk su network security ed hacking
  • Date: Tue, 05 Feb 2013 12:29:37 +0100

Ho sentito parlare questo ragazzo in una conferenza lo scorso anno, e l'ho immediatamente invitato!! Lui si occupa di un tema di ricerca decisamente non usuale ma veramente affascinante: "economia del malware"; per esempio lo scorso anno ci aveva raccontato di modelli economici che stanno emergendo nel mondo delle botnet, e quest'anno vedo dall'abstract di cui sotto che e' andato ulteriormente avanti. Ed e' molto bravo, vale la pena sentirlo! Dettagli a seguire, il seminario e' lunedi' prossimo primo pomeriggio. Cari saluti, GB

----

February 11th 2013
Department of Electronic Engineering
“Tor Vergata” University

Via del Politecnico, 1 - Roma

Meeting room R3 - 14:30 – 16:00


Luca Allodi

Talk : Exploitation in the wild: what hackers really do, and what we should worry about.

Abstract:
Vulnerability exploitation is a major threat to software and system security. The current model for the attacker, basically unmodified since the ‘70s, is well synthetized in Bruce Schneier’s famous quote “security is only as strong as the weakest link”. In other words, if a vulnerability is there the defender needs to fix it because, sooner or later, the very powerful attacker will exploit it. From this “vision of security”, metrics for vulnerability risk (CVSS score) and guidelines and policies for vulnerability remediation (U.S. Government SCAP Protocol) emerged. Most research in IT security also relies on these assumptions. However, this model seems in contrast with recent observations of attacks in the wild, according to which automatically generated attacks represent two thirds of the threats for the final user [Google 2011, Symantec 2011]. To better understand this scenario we performed three parallel studies:
1) We analyzed the Black Markets for vulnerabilities and extracted information on market properties, traded attack automation tools (namely Exploit Kits) and vulnerabilities.
2) We collected and analyzed data on vulnerabilities actually exploited in the wild from Symantec’s sensors worldwide.
3) We tested the CVSS score as a “risk test for exploitation”, as current guidelines (such as the U.S. SCAP protocol) suggest using it.
Our results evidence that current approaches to computer security may be deeply affected and misled by unrealistic assumptions on vulnerabilities and exploits, vulnerability measures and attacker capabilities. As a consequence, current policies and guidelines relying on the worldwide accepted CVSS score could be widely sub-optimal. We underline that a new approach to computer security may be needed in order to enhance risk metrics, and therefore to allow for better policies, better investments and a better management of security.

[Google 2011] M. Rajab, L. Ballard, N. Jagpal, P. Mavrommatis, D. Nojiri, N. Provos, and L. Schmidt. Trends in circumventing web-malware detection. Technical report, Google, 2011.
[Symantec 2011] Symantec. Analysis of Malicious Web Activity bya ttack Toolkits. Symantec, Available on the web at http://www.symantec.com/threatreport/topic.jsp?
id=threat activity trends&aid=analysis of malicious web activity, online edition, 2011. Accessed on June 1012.


Speaker short bio:

Luca Allodi received his Master Degree in Information Security from the University of Milan in 2011. Back in 2005, during the last years of high school he was co-founder and CEO of Area-Software, a start-up for web development and IT consultancy in Brescia, his hometown. The experience with Area-Software continued for more than six years, until his enrollment as a Ph.D. student at the University of Trento, where Luca is currently located. His interest for research dates back to the time of his bachelor thesis in Milan, where he worked on social network dynamics and information exchange and integrity. This work resulted in two research papers and seeded so far three more Master degree theses at the University of Milan, one of which he co-supervised. During his Ph.D., his research interests moved to the economics of vulnerability exploitation and how these could be used as a proxy for risk measurement and assessment. He is part of the research group UNITN at FP7 European project SECONOMICS.



  • Talk su network security ed hacking, Giuseppe Bianchi

Archivio con motore MhonArc 2.6.16.

§