Note: This tutorial has been cancelled.
Tuesday, November 19, 2002
1:30 pm - 5:00 pm
Internet Security
Richard A. Kemmerer
Reliable Software Group
Department of Computer Science
University of California, Santa Barbara
Abstract
The growth of the Internet and the World Wide Web (WWW) during the past
few years has been phenomenal. Almost every business and government institution
has a web page, and the web and web browsing are fast becoming the primary
source of information for people of all ages. Unfortunately, the web was
designed with little or no concern for security. In addition, Java applets,
which are designed to be downloaded from the web and run directly by the
Java virtual machine within a browser, are also increasingly being included
in web pages to provide more sophisticated animation and other desirable
features. Downloading and executing code from anywhere on the Internet
brings security problems along with it. Secure Internet computing can
be achieved only through systematic design.
This tutorial introduces some known threats to secure Internet
computing and analyzes protection mechanisms and techniques for countering
these threats. The first part of the tutorial reviews browser technology
and some known browser attacks. Next, some experiments that were performed
at the University of California, Santa Barbara (UCSB) to demonstrate the
vulnerabilities of several versions of different browsers are presented.
The second part of the tutorial reviews the Internet protocol suite and
identifies attacks for each of the protocols. This is followed by an example
break-in scenario that combines the different attacks. Finally, an experience
compromising an online banking application is presented.
Presenter Biography
Richard A. Kemmerer is a Professor and past Chair of the Department of
Computer Science at the University of California, Santa Barbara. He is
a Fellow of the IEEE Computer Society, a Fellow of the Association for
Computing Machinery, and Editor-in-Chief of IEEE Transactions on Software
Engineering. Dr. Kemmerer has chaired or served on many program committees
and was the program co-chair of the 20th International Conference on Software
Engineering (ICSE98). He has served as a member of the National Academy
of Science's Committee on Computer Security in the DOE, the System Security
Study Committee, the Committee for Review of the Oversight Mechanisms
for Space Shuttle Flight Software Processes, and the Committee on Maintaining
Privacy and Security in Health Care Applications of the National Information
Infrastructure. He has also served as a member of the National Computer
Security Center's Formal Verification Working Group and was a member of
the NIST's Computer and Telecommunications Security Council. Dr. Kemmerer
is also the past Chair of the IEEE Technical Committee on Security and
Privacy and a past member of the Advisory Board for the ACM's Special
Interest Group on Security, Audit, and Control. He has written numerous
papers on the subjects of computer security, formal specification and
verification, software testing, programming languages, and software complexity
measures. He is the author of the book "Formal Specification and
Verification of an Operating System Security Kernel" and a co-author
of "Computers at Risk: Safe Computing in the Information Age."
He has been a Principal Investigator on numerous government and private
sector sponsored projects and leads the Reliable Software Group at UCSB.
Under his direction the Reliable Software Group has addressed the need
for better languages and tools for designing, building, and validating
software systems.