Towards Scalable User-Agnostic Attack Defense

Zhichun "ZC" Li, NEC Research Labs

Security has become one of the major concerns for today’s Internet. End users, however, are slow in adopting new security technologies. Many users cannot manage security well by themselves. Ideally, security mechanisms should be as transparent as possible to the users. On the other hand, IT managers desire efficient and scalable protection mechanisms.

Towards addressing these issues, in this talk I would like to introduce two of my efforts. First, I will present the design of NetShield, a new vulnerability-signature-based NIDS/NIPS, which achieves high throughput comparable to that of state-of-the-art regular-expression-based systems while offering much better accuracy. In particular, we propose a candidate selection algorithm that efficiently matches thousands of vulnerability signatures simultaneously, and we design a parsing transition state machine that achieves fast protocol parsing.

Second, I will talk about WebShield, a secure web proxy design that protects clients from web-based exploits by processing potentially malicious JavaScript in a sandboxed environment (shadow browser) on a middlebox. With shadow browsers, WebShield also aims to deploy client-based defenses against various classes of web attacks without client modifications.

Speaker Biography

Zhichun “ZC” Li is a research staff member at NEC Research Labs in Princeton, NJ. At NEC Labs, he currently leads the effort of designing a scalable Android app analysis framework. Before joining NEC, he received his Ph.D. in Dec 2009 from Northwestern University. He earned both M.S. and B.S. degrees from Tsinghua University in China. His research interests span the areas of security, networking and distributed systems, with an emphasis on smartphone security, web security, network security, social network security, cloud security, network measurement and distributed system diagnosis. Previously, he conducted research at Microsoft Research Redmond and the International Computer Science Institute (ICSI) of UC Berkeley.