The state of network security today is quite abysmal. Security breaches and
downtime of critical infrastructures continue to be the norm rather than the
exception, despite the dramatic rise in spending on network security.
Attackers today can easily leverage a distributed and programmable
infrastructure of compromised machines (or botnets) to launch large-scale and
sophisticated attack campaigns. In contrast, the defenders of our critical
infrastructures are fundamentally crippled as they rely on fixed capacity,
inflexible, and expensive hardware appliances deployed at designated
“chokepoints”. These primitive defense capabilities force defenders into
adopting weak and static security postures configured for simple and known
attacks, or otherwise risk user revolt, as they face unpleasant tradeoffs
between false positives and false negatives. Unfortunately, attacks can easily
evade these defenses; e.g., piggybacking on popular services (e.g.,
drive-by-downloads) and by overloading the appliances. Continuing along this
trajectory means that attackers will always hold the upper hand as defenders
are stifled by the inflexible and impotent tools in their arsenal.
The goal of our research is to change the dynamics of this attack-defense
equation. Instead of taking a conventional approach of developing
attack-specific defenses, our work focuses on empowering defenders with the
right tools and abstractions to tackle the constantly evolving attack
landscape. To this end, we envision a new software-defined approach to network
security, where we can rapidly develop and deploy novel in-depth defenses and
dynamically customize the network’s security posture to the current operating
In this talk, I will give an overview of our recent work in this space.
Vyas Sekar is an Assistant Professor in the ECE Department at Carnegie Mellon
University, where he is part of CyLab. His research interests lie at the
intersection of networking, security, and systems. He received his Ph.D. from
the Computer Science Department at Carnegie Mellon University in 2010. He
earned his bachelor's degree from the Indian Institute of Technology Madras,
where he was awarded the President of India Gold Medal. His work has been
recognized with the NSF CAREER award, the ACM SIGCOMM Rising Star Award, the
NSA Best Scientific Cybersecurity Paper Award, the CSAW Applied Security
Research Prize, and multiple best paper awards (ACM SIGCOMM, ACM CoNext, and ACM Multimedia).