Inside Iowa State
August 25, 2000
The war against hackers
by Skip Derra
To map out the anatomy of a cyber
attack, Jim Davis decided to go low tech. He reached for his
Post-it notes.
Davis and Doug Jacobson -- both Iowa State associate professors of electrical and computer engineering -- and their students mapped out how the recent Internet virus dubbed the Love Bug actually worked. They eventually covered nearly a full wall of Davis' office with Post-its.
By breaking the Love Bug into pieces and tracing attributes of those pieces to previous attacks, the researchers explored the "genetics" of the virus, coming up with insights.
"It started looking like genetic information being passed from previous attacks," Davis said. "We made a big graph of these attacks, looked at the genetics of it and noticed a very small number of core techniques that were being used over and over.
"If we develop an effective countermeasure for that small core of techniques, we would effectively eliminate that entire path of attacks," he said. "It's that simple."
A step ahead
Simple and preventative are exactly what Davis and
Jacobson want. They would like nothing more than to move
information assurance, or computer security, from reactionary
effort to preemptive exercise. Their efforts are helping to
make Iowa State a leader in computer information
assurance.
They've learned that in the stealthy world of computer hacking, staying on your toes and a step ahead of hackers can pay rich rewards.
"Attacks used to be nuisances," Davis noted, "put on sort of as pranks. Now they're billion dollar losses.
"Our Internet constantly is being attacked and probed even by our allies," Davis said. "That's the environment in which we live."
Which makes computer security huge in the e-world.
"Security is everybody's issue," Jacobson said, "not just the nerd in the corner. As everybody ties into the Internet, it is every citizen's responsibility to be aware of security issues."
New masters
This fall, Iowa State begins a masters degree program
in information assurance. It is one of six nationwide, and
Jacobson and Davis are at the heart of the program.
The interdisciplinary program will involve six departments and the ISU library. In addition, Iowa State's Information Systems Security Laboratory, a National Security Agency Center of Excellence, will be used by students to research and practice electronic warfare, honing their skills for real world encounters. Jacobson and Davis also are submitting a center proposal to the Board of Regents, State of Iowa, in October. The proposed center would be the home for much of the masters program, as well as the focal point for faculty collaborations.
The masters program already has generated considerable interest from students far and wide. Jacobson and Davis field hundreds of questions each month about the program from prospective students and businesses.
"If every student who graduated from this university were in computer security, it wouldn't meet demand," Jacobson said. "All of the six U.S. degree programs can't produce enough graduates."
Ethical dilemmas
A distinction of the ISU program is that it not only
will teach the technical aspects of making computers secure -
- cryptography, intrusion detection, launching successful
counter measures -- but will tackle thorny social and ethical
issues as well, Davis said.
The FBI's recently publicized Carnivore e-mail surveillance software, which some call a gross intrusion on Internet privacy, is an example of technology's reach crashing into people's tolerance.
Jacobson said that what the Carnivore program does is "technologically trivial," but it flags several fundamental issues that need to be addressed.
"There are so many things that can be done technically, but you have to ask, 'Is this what we want?'" Davis said. "Issues, like the ones that relate to privacy, come down to social and political ramifications. Programs that focus only on the technical side totally miss those key issues."
Jacobson added that passing laws against certain online behavior isn't the answer. He said future professionals in the computer field need to know where the social and political lines are drawn and respect them because "you can't put the technology back into the bottle."
Think fast
"This is an interesting field because what you are up
against is very adaptable, very changeable," Jacobson said.
"It's you against some-body else, and that somebody else
might very well be better than you.
"You have a lot of open-ended problems that require really tough solutions," he added. "You have to be creative. You have to be fast. You have to be bright to tackle these problems. You really have to think differently and that motivates a lot of people."
Davis and Jacobson know that while the new master's program is geared to graduating students primed for doctoral programs in information assurance, the reality is many will enter industry as cyber sleuths.
"Our students will have the ability to step in and analyze the risk of vulnerabilities that occur with large interconnecting computer systems, monitor those technologies and know when a breach occurs and what to do about it," Davis said. "Industry will like what they see."
Inside Iowa State, inside@iastate.edu,
University Relations Revise
d 8/24/00
Iowa State homepage
Copyright © 1999-2000, Iowa State University, all rights
reserved
URL:
http://www.inside.iastate.edu/2000/0825/hackers.html