Cybersecurity Lecture Series - Mattia Fazzini
Meet academic and industry leaders for intimate discussions about new cyber threats, trends and technologies.
The Cybersecurity Lecture Series is a free, open-to-the-public lecture series featuring thought leaders who are advancing the field of information security and privacy. Invited speakers include executives and researchers from private companies, government agencies, and start-up incubators, as well as Georgia Tech faculty and students presenting their research.
Held each Friday at noon through Apr. 21, lectures are open to all -- students, faculty, industry, government, or simply the curious. Graduate students may register for credit under seminar course CS-8001-INF.
Complimentary lunch provided for registered guests. Please bring your own beverage.
Featuring Mattia Fazzini on Feb. 24, 2017
"Tagging and Tracking of Multi-level Host Events for Transparent Computing"
ABSTRACT | Advanced persistent threats (APTs) are characterized by their abilities to render existing security mechanisms ineffective; for example, APT activities can blend in with normal user and program activities to blindside intrusion detection systems. APTs can evade security protection because existing mechanisms lack sufficient visibility into user, program and operating system activities to ascertain the authenticity of an activity and the provenance of its data. For example, it is not possible for a network intrusion detection system to determine that data sent from an end-host has been modified by a malicious browser extension after a user had entered the data on a web form. On the other hand, if we have full tracking of how data is processed by the browser, intuitively, we can detect such an APT activity.
In this talk, I will present THEIA, a system for tagging and tracking of multi-level host events and data for security analysis such as APT detection. THEIA is a system based on full-system record and replay and fine-grained dynamic information-flow analysis. THEIA is able to track data provenance from user input to program internal representation, and to filesystem storage and network output, and likewise, from network or filesystem to program internals, and to user interface. THEIA achieves both high accuracy and high efficiency by recording just the sufficient amount of data at runtime, instead of coupling computation-heavy tag analyses to the system’s execution, and by performing thorough analysis while replaying the recorded events. We evaluated THEIA in the context of the Transparent Computing program and observed that it achieves high accuracy while encountering low runtime overhead.
BIO | Mattia Fazzini is a Ph.D. student in the School of Computer Science at the Georgia Institute of Technology. His research interests are in the areas of software testing, program analysis, and computer security. During his Ph.D. studies, he worked as a research assistant at the National University of Singapore and as an associate specialist at the University of California, Berkeley.
Tara La Bouff