Protecting a world online

September 05, 2002

The Internet and computer networks are now an essential part of most people's lives, yet remain exposed to attacks by hackers. Researchers at the University of California, Davis', Computer Security Laboratory are hard at work to protect these vulnerable networks and the functions they provide, from government services and corporate records to e-mail and e-commerce.

Sooner or later, someone will unleash a disabling attack on the Internet, said Karl Levitt, professor of computer science at UC Davis and one of the lab's principal investigators.

"It's a matter of when, not if," Levitt said.

Anticipating that threat, Richard Clarke, President Bush's special adviser on cyberspace security, will launch a national plan Sept. 18 to protect the Internet from malicious attacks. The plan is expected to include recommended steps that home and business users can take to prevent their computers being attacked or used by hackers.

Researchers at the UC Davis laboratory, which is recognized as a Center of Excellence by the National Security Agency, study areas including stopping Internet worms and computer viruses; detecting intruders in networks; and keeping information on the Internet safe and reliable.

Levitt's group recently began a new project, funded by the Defense Advanced Research Projects Agency, to find ways to detect and catch "worms," malicious programs that spread themselves across the Internet. In recent years, worms such as ILOVEYOU, Nimda and Code Red have spread around the world in hours, causing damage estimated at billions of dollars in lost productivity.

A worm is a program that uses networked computers to make copies of itself and spread to other machines. In contrast, a computer virus is a small program that hides itself inside another, legitimate program and is spread when those files are copied. Most so-called computer viruses are actually worms.

Worms mostly crash networks by creating more traffic than systems can cope with, like flooding the freeways with thousands of extra cars during rush hour. Computer scientists call this a "denial of service" attack. Attempts have already been made to launch denial of service attacks against computers run by U.S. companies and government. In August 2002, the FBI issued a warning about such an attack which eventually caused little damage.

However, computer scientists believe that much more dangerous attacks are on the horizon, such as a "flash worm" or "Warhol worm," which could infect a million computers within fifteen minutes.

Potentially, worms can also deliver a "payload" that damages a computer that receives it.

Levitt's research group is looking for ways to automatically detect worms, find out how they work and send warnings and protective software across the Internet.

Worms that spread fast are easy to detect, but hard to stop, Levitt said. In contrast, worms that are designed to spread slowly might be very hard to detect, but should be easy to stop once identified, he said.

To detect worms, you need to look for unusual behavior on the Internet. Typically a worm on one computer will test linked computers for vulnerability and spread to those it can, then test computers linked to that one. That creates a tree-like pattern, starting from the point of infection. But some other programs, for example file-sharing programs such as Napster, can create a similar pattern as they search users' computers for files. Any surveillance system needs to distinguish between traffic patterns caused by malicious and harmless programs.

Once you've spotted a worm, you need to study it. That means grabbing a snapshot of it in the few fractions of a second it takes to run on the infected computer. The worm may mutate -- change its characteristics -- as it spreads, in which case you would need to put together snapshots from different parts of the Web to find common characteristics, Levitt said.

Having found a worm and worked out how to stop it, you need to get that information out across the Internet. A centralized surveillance and warning system, on the lines of the Centers for Disease Control in the real world, probably wouldn't work because it would be a prime target for hackers, Levitt said. Furthermore, the source would have to be trusted by users around the world not to issue false alerts or damaging software.

Matt Bishop, associate professor of computer science, studies how networks can be protected from intruders and how unathorized intruders can be detected. Turning themselves into bad guys, his group uses a small network of computers, isolated from the rest of the Internet, to launch hacking attacks and probe systems for security weaknesses.

Bishop's group has written software for a vulnerability detector, which can be used to check other programs for security loopholes. Both commercially available software programs and custom-written software can contain unsuspected weaknesses that hackers can exploit. Sometimes, the patches issued by software manufacturers to repair security holes cannot be used without extensive testing in case they cause problems with custom-written software, Bishop said.

Bishop's group is also working on methods and tools to test programs for security problems and is maintaining a vulnerabilities database. The work is funded by NASA and the Jet Propulsion Laboratory.

Setting uniform standards for computer security may not be useful, because different users have different needs for openness versus privacy and protection, Bishop said. For example, a university network sets a much higher value on open access than that of a private corporation. It's more appropriate to set a policy on security and allow flexibility in how that is achieved, he said.
More information:

Media contacts:
-- Karl Levitt, Computer Science, (530) 752-0832,
-- Matt Bishop, Computer Science, (530) 752-8060,
-- Andy Fell, News Service, (530) 752-4533,

University of California - Davis

Related Computer Security Articles from Brightsurf:

UCLA computer scientists set benchmarks to optimize quantum computer performance
Two UCLA computer scientists have shown that existing compilers, which tell quantum computers how to use their circuits to execute quantum programs, inhibit the computers' ability to achieve optimal performance.

Computer-based weather forecast: New algorithm outperforms mainframe computer systems
The exponential growth in computer processing power seen over the past 60 years may soon come to a halt.

Focus on food security and sustainability
The number of malnourished people is increasing worldwide. More than two billion people suffer from a lack of micronutrients.

Eliminating infamous security threats
Speculative memory side-channel attacks like Meltdown and Spectre are security vulnerabilities in computers.

UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.

Discovery casts dark shadow on computer security
Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors' secure regions to access memory and data.

Shh! Proven security for your secrets
Researchers show the security of their cipher based on chaos theory.

A library for food security
Researchers are uncovering the genome of cowpeas, also known as black-eyed peas, in response to challenging growing conditions and the need for food security.

Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days.

'Security fatigue' can cause computer users to feel hopeless and act recklessly
A new study from National Institute of Standards and Technology researchers found that a majority of the typical computer users they interviewed experienced security fatigue -- weariness or reluctance to deal with computer security -- that often leads users to risky computing behavior at work and in their personal lives.

Read More: Computer Security News and Computer Security Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to