CS Grad Students and Advisor Earn Best Paper08-31-16
Writer(s): Jesica E. Hollinger
Samuel Jero, Hyojeong Lee (Hyo), and Cristina Nita-Rotaru earned best paper award this summer at the 45th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) in Rio de Janeiro.
The IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) is the most prestigious international forum for presenting advanced and innovative research results, problem solutions, practices, insights on new challenges in the field of dependable computing and security.
Their paper “Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations" studies certain types of attacks against implementations of network transport protocols, like TCP. These protocols underlie the vast majority of Internet communication, from email to web browsing to instant messaging to file transfer.
Jero is a third year Ph.D. student studying network security with a focus on transport protocols.
“Despite their importance, these protocols are difficult to implement correctly and a long string of bugs and vulnerabilities dating back to 1985 exists,” Jero said. “Our system SNAKE (State-based Network AttacK Explorer) is designed to automatically find attacks against transport protocols without requiring the users to instrument the code. We envision our system being used by developers to test their protocol implementations prior to release to identify and fix vulnerabilities and bugs, resulting in better, safer implementations and more secure and robust Internet communication,” he added.
Lee obtained her Ph.D from Purdue in December 2014 and subsequently joined Google. In her Ph.D. thesis she studied automated performance attack discovery in distributed system implementations. The work on SNAKE was conducted while she was still a graduate student at Purdue. She said the research she gained working with Jero and Professor Nita-Rotaru has helped her tremendously in her career.
“For me (more than the award) the work itself helped my career. Currently, I'm working at Google, building testing infrastructure for Google Network, which is very related to this work and my Ph.D. work at Purdue,” Lee said. “Having the experience with automated testing of distributed systems and network protocols was very helpful for me to get this job and be prepared to do it,” she added.
Professor Nita-Rotaru said that SNAKE is part of a larger project she started with her colleague Charles Killian and funded by the NSF Secure and Trusted Computing Program.
"As almost every aspect of everyday life depends on distributed systems and network protocols, it is critical to ensure that they work according to their intended specifications in spite of faults, misconfigurations, or attacks,’’ Nita-Rotaru said. "The overall goals of our project are to build easy-to-use and maintain, low cost platforms to find reproducible, real, high-impact, malicious performance attacks on distributed systems implementations in realistic environments,’’ she added.
More information about the project is available at http://ds2.cs.purdue.edu/autoattack.html Samuel Jero, featured on the CS homepage slider image is still pursuing his degree in the CS Department, while Hyo continues her work as a software engineering for Google.