-
PhD Defense- You Kyu Lee
Thu, Oct 19, 2017 @ 01:00 PM - 03:00 PM
Thomas Lord Department of Computer Science
University Calendar
Date: Thu, Oct 19, 2017 @ 1:00 PM - 3:00 PM
Location: Hedco Chemical Engineering (HED) - 103
PhD Candidate: Youn Kyu Lee
Committee: Nenad Medvidovic (CS, chair), William G.J. Halfond (CS), Sandeep Gupta (EE)
Title: Reducing Inter-Component Communication Vulnerabilities in Event-Based Systems
Abstract:
Event-based system (EBS) has become popular because of its high flexibility, scalability, and adaptability. These advantages are facilitated by its reliance on implicit invocation and implicit concurrency. Specifically, in EBS, components may not know the consumers of the events they publish, nor do they necessarily know the producers of events they consume. This communication mechanism is based on non-determinism in event processing, which can introduce inherent security vulnerabilities into a system referred to as event attacks. Event attack is a particular type of attack that can abuse, incapacitate, and damage a target system by exploiting the system's event-based communication model. Different types of event attacks have been identified in a range of domains to date. It is hard to prevent event attacks because they are administered in a way that does not differ from ordinary event-based communication in general. While a number of techniques have focused on security threats in EBS, they do not appropriately resolve the event attack problems or suffer from inaccuracy in detecting and preventing event attacks. Furthermore, fundamental security flaws, which can be exploited by event attacks, have not been clearly identified yet. In order to address the risk of event attacks, this dissertation presents four main approaches: (1) a new taxonomy for security flaws in EBS, which can serve as a basis for resolving event attack problems; (2) SEALANT (Security for End-users of Android via Light-weight ANalysis Techniques), a novel protection mechanism for Android, one of the most widely used event-based platforms; (3) SCUTUM (SeCUrity for evenT-based systems implemented Using MOM platforms), a novel vulnerability detection technique for EBSs that are implemented by using message-oriented middleware platforms; and (4) ViVA (Visualizer for eVent-based Architectures), a new visualization technique for monitoring and identifying security vulnerabilities in EBS.
Location: 103
Audiences: Everyone Is Invited
Contact: Lizsl De Leon