In terms of what’s hot in computer science right now, in addition to pondering the future of artificial intelligence and machine learning, many of our experts are focused on cybersecurity.
We’re looking at time-tested methods of circling the wagons, as well as revolutionary new approaches to making sure hackers can’t get into our systems.
For example, when Michael Stonebraker talks about inverting the common model of the operating system and database layers, that has some cybersecurity value! It’s a novel idea to many admins and others who are used to a certain architecture – but that’s innovation: uncovering opportunities through new ways of doing things.
“The revolution is in how systems software is built – and it has great, fabulous security implications,” he says of “DBOS” (watch the explanation!)
Likewise, when Karen Sollins talks about preempting DDoS attacks with proof-of-work systems (or other methods), that helps, too. She explains:
“If we look at the costs that are incurred here, the attackers themselves are bearing very little of the cost; the victims, and anybody that they pay to … are, in fact, bearing the burden of the cost. So what we’re doing is trying to turn the problem upside down, what we expect is that our attackers will have to bear some of the burden, do some work, use some of their resources, in order to send traffic: if they don’t, their traffic will be dropped automatically … so what we’re doing is realigning the burden of the cost here.”
Here’s a little more on security from the IIA event:
Joseph Ravichandran talks about solving vulnerabilities by researching synergistic threats and how threat components fit together.
“In the art of war, Sun Tzu writes, If you know your enemy, and know yourself, you need not fear the result of 100 battles,” Ravichandran says. “Now, what this says to me, is that if we’re going to beat our enemies, again, our enemies are the cybercriminals, these hackers, we’ve got to think like them, get inside their heads. And as researchers, we need to beat them at their own game. So we’re going to think like attackers: you want to hack into a computer? How do you even begin?”
He gives the example of a vulnerability found on Apple’s M1 chip, showing how hardware and software problems can be connected.
The solution, he says, is a team of experts, each of which brings their own specialization to the table.
“We have one of every kind of hacker in the same room, working on this problem together, trying to solve this problem of how can we make better computers,” he explains.
So with these talks, we see that this is what some MIT teams are doing right now. There’s also the emerging sophistication of testing and scanning practices, as well as maintaining a desired state by updating patches and versions and everything else. But certainly, all of these viewpoints above are helpful! Researching the synergistic threat – you could call that the background investigation. Redefining hardware setups and network builds, that’s a form of defensive design. And then the proof-of-work idea – as Sollins explains above, it’s all about putting a bigger burden on the hacker, making them do more in order to accomplish some transaction that may be hiding a bad faith effort against a system.
Together, all of these represent some complementary insights that came out of this year’s IIA. So let’s see where all of this is going as we continue to learn from MIT’s groundbreaking innovators!