3 Questions: CyLab plans proactive protection

CyLab will develop tools or technology and apply those tools in conjunction with industry partners to more proactively identify security problems.

With Mike Reiter, professor of electrical and computer engineering and computer science at Carnegie Mellon University and associate director for CMU's newly formed CyLab. CMU, which is also home to the Computer Emergency Response Team (CERT), launched CyLab in October as a way to protect computer users and foster collaboration between industry and government.

This interview originally appeared in the IT Business Edge weekly report on Fortifying Network Security. To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit www.itbusinessedge.com.

By Terry Sweeney

Question: Since CERT has a CMU affiliation as well, how will you interact with them? How will CyLab's work complement and differ from CERT's?

Reiter: CERT provides largely an advisory function, alerting the community to vulnerabilities and problems. CyLab will be taking a more proactive role in identifying them not just in individual software but in combinations of components that an enterprise might face, that might go beyond a single vendor's product. CyLab will develop tools or technology, then apply these tools in conjunction with industry partners to more proactively identify problems. What we're bringing to bear is CERT expertise in reverse engineering.

Question: Stimulating cooperation between government and business is laudable, but what are some of the specific action items CyLab intends to pursue in its first year? Will the emphasis be on public policy or the practicalities of securing an enterprise network?

Reiter: We've set up a discovery lab and malicious code lab to identify vulnerabilities, like identifying Trojan horses embedded in larger systems. We can also chain together a collection of exploits to reveal how a system might be compromised. By using model checking technology to exhaustively search a database of known component exploits, we can identify whether exploit chains exist and how to break that chain.

Question: How can businesses (or vendors) of any size interact with CyLab? Do you envision a test-bed that would permit them to come in and experiment with different configurations or new security applications software, for example?

Reiter: We want to be leading this rather than following the trends. We'll be working with our industry partners to analyze emerging systems or forthcoming products from vendors. We're in discussions with major IT vendors to be industry partners; we're looking to attract a few significant founding members. By bringing in industry partners, we'll get fast-track transfer paths to real products—that could be technology like encryption or augmenting router infrastructure to better defend against large-scale, denial-of-service (DoS) attacks.