Understanding and Mitigating Malicious Activity in Networked Computer Systems
Project leader
Dr. Paul C. Van Oorschot, (Carleton University)
Project team:
Dr. Marsha Chechik, (University of Toronto)
Dr. Scott Knight, (Royal Military College of Canada)
Dr. Anil Somayaji, (Carleton University)
Dr. Mohammad Zulkernine, (Queen's University)
Dr. David Lie, (University of Toronto)
Back row (left to right): David Lie, Scott Knight, Paul Van Oorschot. Front: Anil Somayaji, Mohammad Zulkernine, Marsha Chechik.
Non-academic participants
Communications Security Establishment
Bell University Labs
IBM Center for Advanced Studies (Markham, Ontario)
Project description
Computer security is a pressing problem for virtually every user of the Internet. Spyware, viruses, worms, denial-of-service attacks, and phishing attacks are all standard problems facing governments, businesses, and individuals. Currently deployed solutions such as firewalls, virus scanners, and network intrusion detection systems can provide a degree of protection; even the best-protected Internet systems, however, cannot be considered immune to attack.
The shortcomings of current solutions are due in large part to three challenging features of the current computer security problem. One is that modern software is extremely complex, consisting of millions of lines of code written by thousands of programmers. Security vulnerabilities (aside from general software bugs) in such large systems are numerous and inevitable. Another is that modern computers must be connected to be useful: networked applications are integral parts of work, study, and play for millions of people. Such communication, though, is inherently dangerous, as both code and data now flow with minimal restriction between entities that do not (and should not) trust each other. The most challenging feature, however, is the evolutionary nature of the problem itself: better defenses give rise to better attacks. Because better attacks can now lead to (ill-gained) profit, this arms race is likely to get worse in the future.
Because of the breadth of these challenges, no one strategy or technology can address all security threats. Thus, research in computer security must be equally broad, as reflected in our project's three basic thrusts: identifying vulnerabilities, detecting malicious activity, and mitigating malicious activity.