Keynote: The Science of Attack Surfaces and Its Applications


Michael Howard of Microsoft identified the principle of an attack surface as the number of "attack opportunities" that a program or system makes available to adversaries. Adversaries often take advantage of undefended opportunities to launch exploits, so understanding attack surfaces could be valuable in preventing vulnerabilities proactively. In this talk, I will discuss various research endeavors that we and other researchers have explored in computing, representing, and reasoning about attack surfaces to identify where and how to augment defenses. Examples include methods that use attack surfaces to compare relative security, identify vulnerabilities in file system access, compute exploits within programs, etc. We will also compare attack surfaces to alternative representations, such as attack graphs. We will discuss methods for computing attack surfaces in systems and for programs, and the challenges in applying the attack surface metric more broadly for developing intrusion detection techniques.

Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. Trent's research interests include operating systems security and the application of programming language techniques to software security. He has published over 125 refereed research papers and is the author of the book "Operating Systems Security," which examines the principles of designs for secure operating systems. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, Linux Integrity Measurement framework, and recently, security namespaces for Linux containers. He was Chair of the ACM Special Interest Group on Security, Audit, and Control (ACM SIGSAC) from 2013-2017, is on the steering committees of two of the major computer security research conferences (ACM CCS and NDSS, as Chair), and is the Consortium Lead for the Army Research Lab's Collaborative Research Alliance devoted to the science of security. Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering, respectively, and spent nine years at IBM Research prior to joining Penn State.

