Faculty Recruiting Support CICS

Security Speaker Series: Prof. Cristina Nita-Rotaru (Northeastern Univ.)

24 Oct
Wednesday, 10/24/2018 1:25pm to 2:25pm
Computer Science Building, Room 151
Security Seminar

Cybersecurity Institute
Security Speaker Series

Title: Automated Attack Discovery for TCP Implementations

TCP is the protocol that underlies most of the Internet traffic including encrypted traffic via TLS and HTTPS. Despite its importance and number of implementations, finding attacks in TCP implementations has been mainly a manual and ad-hoc process.  We present the first systematic testing  and attack finding  of unmodified implementations of TCP. We first present SNAKE, a framework which uses the description of the protocol state machine to identify critical points in the search space for attack injection against TCP handshake. The attacks injected consist of modified packets that mimic both on-path and off-path attackers.  Then, we focus on congestion control and show why finding attacks against congestion  control algorithms by  using  a similar approach is not scalable. Instead, we use a model-based testing approach to generate abstract test cases that we then map to concrete test cases to be tested against  the implementation. We implemented this approach  in a framework we call TCPwn and used it to  evaluate 5 TCP implementations from 4 Linux distributions and Windows 8.1. Overall, we found 11 classes of attacks, of which 8 were previously unknown.

Cristina Nita-Rotaru is a Professor of Computer Science and an Associate Dean for Faculty in the College of Computer and Information Science  at Northeastern University. Prior to joining Northeastern University she was a faculty in the Department of Computer Science at Purdue University from 2003 to 2015. Her research lies at the intersection of information security, distributed systems, and computer  networks. The overarching goal of her work is designing and building secure and resilient distributed systems and network protocols, with assurance that their deployed implementations provide their security, resilience, and performance goals.

Cristina Nita-Rotaru is a recipient of the NSF Career Award in 2006. She has served on the Technical Program  Committee of numerous conferences in security, networking and distributed systems. She served as an Assistant Director for CERIAS (2011 - 2013), the Center of Education and Research in Information Assurance at Purdue University. She leads the Network and Distributed Systems Security Laboratory (NDS2) . She has published over 100 articles in peer-reviewed conferences and journals. She is a member of the steering committee of ACM Wisec and IEEE DSN and a member of the IFIP Working Group on Dependable Computing and Fault-tolerance.  She was an Associate Editor for Elsevier Computer Communications (2008 - 2011),  IEEE Transactions on Computers (2011 - 2014), ACM Transactions on Information Systems Security (2009 - 2013), Computer Networks (2012 - 2014), IEEE Transactions on Mobile Computing (2011 - 2016), and IEEE Transactions on Dependable and Secure Systems (2014-2018). She is a senior member of IEEE  and a member of Upsilon Pi Epsilon.

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach.  Samuel Jero, Endadul Hoque, David Choffnes, Alan Mislove, Cristina Nita-Rotaru. NDSS 2018, Feb. 2018.  CISCO Network Security Distinguished Paper Award.

Leveraging State Information for Automated Attack Discovery in Transport Protocol Implementations. Samuel Jero, Hyojeong Lee, and Cristina Nita-Rotaru. In the 45th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 2015.  Best paper award.


Faculty Host