Location
Room 120, New Computer Science
Event Description

Before We Knew It: From Measurements to Predictions of Security in the Real World

Abstract: When can you trust the software running on your computer? After considerable research advances we have been hoping for observable security improvements in practice, yet we cannot justify the prevalence of vulnerabilities and security breaches and we do not know how to estimate the odds that we will be hacked tomorrow. This talk will focus on the challenges for measuring security in the real world and their consequences for secure and trustworthy computing.

For example, most existing defenses are ineffective against zero-day attacks, which exploit software vulnerabilities that have not been disclosed publicly, but it is difficult to assess the magnitude of the threat from such stealthy attacks. Anecdotal evidence suggests that advanced malware, like Stuxnet or Flame, can rely on compromised code-signing certificates to bypass protections against untrusted programs, but we do not know if this represents a bigger security threat because of the challenges for measuring compromised certificates at scale. When applying machine learning and other modeling techniques to security measurements, we must account for continuously evolving malware behaviors and for poisoned data.

Approaches will be presented that quantify the impact of security mechanisms in the field. First, Dumitras will describe the largest measurements to date focusing on the lifecycle of software vulnerabilities. Our measurements have shed light on the duration and prevalence of zero-day attacks, the practical barriers for updating software on end hosts and the risk that vulnerabilities present in practice. Next, he will turn to the breaches of trust in the Windows code-signing ecosystem, which allow miscreants to sign malware with stolen keys, to impersonate legitimate companies that do not develop software and to take advantage of widespread flaws in anti-virus scanners. Finally, Dumitras will discuss the goal of predicting security outcomes in the real world and success so far in creating predictive models for vulnerability patching and exploitation.

Bio: Tudor Dumitraș is an Assistant Professor in the Electrical & Computer Engineering Department at UMD and his research focuses on Big Data approaches to problems in system security and dependability. At Symantec Research Labs he built the Worldwide Intelligence Network Environment (WINE) - a platform for experimenting with Big Data techniques. He received an Honorable Mention in the 212 NSA competition for the Best Scientific Cybersecurity Paper. He also received the 2011 A. G. Jordan Award from the ECE Department at Carnegie Mellon University, the 2009 John Vlissides Award from ACM SIGPLAN, and the Best Paper Award at ASP-DAC'03. Tudor holds a Ph.D. degree from Carnegie Mellon University.

Hosted By
Nick Nikiforakis
Event Title
CSE 600 & Colloq: Prof. Tudor Dumitras, UMD, Malware and Security