Successes and Failures applying to SaTC/TWC/TC/CT

Nikita Borisov
University of Illinois at Urbana-Champaign


Post on 07-Jan-2016



My SaTC Experience

• First PI experience in 2006
• Four funded projects through some version of SaTC
  – Vulnerability signatures in intrusion detection
  – Security and privacy in building automation
  – Network traffic analysis
  – Anonymous communications (CAREER)
• About as many rejections
• Half dozen panels


Vulnerability Signatures

• Traditional signatures in intrusion detection: recognize attack
  – E.g., “AAAA….AAAA?idapi.ida” for CodeRed
• Too specific:
  – CodeRed II used “NNNN….NNNN?idapi.ida”
• Vulnerability signatures: recognize attack vector
• Challenge: faithfully reconstruct application parsing state with high performance


Behind the Proposal

• Genesis: internship at Microsoft Research as graduate student

• Development:
  – Identify basic research challenges
  – Create evaluation strategy
• Collaboration:
  – Two senior co-PIs / mentors


Building Automation

• Newer buildings use networked sensors and controls for lights, doors, HVAC, etc.

• Opportunity for applications that enrich inhabitants’ lives

• Woefully insecure
• Challenge: design interface that enables applications while preserving important privacy and security constraints


Behind the Proposal

• Genesis: Class project on applications for building automation

• Development:
  – Identify general principles that can be applied in this setting
• Collaboration:
  – My co-instructor in the course


Traffic Analysis

• Encrypted network traffic contains patterns: packet sizes, timings, counts, …

• Side channel that reveals information
  – User identity
  – Password characters
  – Web page content
  – VoIP phrases

• Challenge: Rigorous, systematic understanding of attacks and defenses


Behind the Proposal

• Genesis: Attack paper on network watermarking schemes

• Development:
  – Identify several important problems
  – Formulate fundamental theoretic questions
  – Connect them to experimental validation plan
• Collaboration:
  – Co-author from attack paper
  – Another communications expert
  – Senior mentor


Anonymous Communications

• Internet communication leaks metadata about interests, relationships, behavior, etc.

• This information is (ab)used by ISPs, employers, advertisers, intelligence agencies, repressive regimes, …

• Anonymity networks, such as Tor, help protect metadata, but at a large performance cost

• Challenge: creating scalable, high-performance overlay networks while minimizing leaked information


Behind the Proposal

• Genesis: PhD work, followed by several years of research

• Development:
  – Detailed description of next few research papers
• Collaboration:
  – Support letters from foreign collaborator


Lessons from Rejections

• SaTC panelists are notorious skeptics!
  – Your job to convince them your approach will work and be secure
• Missing related work can be a killer
  – Spend twice as much time as you think you need
• Avoid being too broad


Closing Thoughts

• Get thee on a panel!
  – Can’t beat first-hand experience
  – PMs often struggle to fill slots
• Get co-PIs with prior SaTC successes
  – Can be helpful even at a low commitment level
• Enjoy the experience!
  – Even unfunded proposals have payoffs