Computer and Network Security
The Internet has become a critical infrastructure, heavily relied on by business, government, and virtually all facets of society. Yet virtually all of its components remain incredibly vulnerable to digital attack - including the physical computing and communications devices which comprise it, the communications channels it provides, and the information sent and stored using these resources. Security issues previously of concern mainly to banks and the military, now impact everyone. The privacy of personal information, and the confidentiality of non-personal sensitive information (e.g., confidential plans or documents) remain important. But the challenges extend far beyond cryptography (e.g., mathematical algorithms for encryption). Reliable authentication for web applications, and secure use of credit cards on the Internet, are difficult to guarantee, because "phishing" and other forms of social engineering are not purely technical problems. Security and usability - designing systems which are both secure and usable - remains an open research challenge. The integrity of the Internet infrastructure is susceptible to compromise because of commonplace (and hard to eliminate) flaws in software applications, software platforms, and software systems. This allows malicious entities to successfully propagate computer viruses, worms, Trojan horse software, keyloggers, spyware and other malware. Botnets (tens of thousands of compromised "zombie" machines, managed by single points of control) are now regularly observed, and used for distributed denial of service (DDoS) and distributed scanning of victim machines. Firewalls and related perimeter defenses are only partial solutions; intrusion detection systems have fallen short of promises. Dangers await everyone who browses the Internet. The open research challenges in network and software security are enormous.
Related Research Groups:
Faculty Researching the Area:
|
|
