Digital Forensics: Research Challenges and Open Problems
14:00 - 15:30
The possibility of becoming a victim of cyber crime is the number one fear of
billions of people. It is clear that we need better IT technology and training
to properly secure our cyber infrastructure and engender appropriate trust in
its operation and fidelity. But that, by itself, is not enough. Even if we were
able to build and deploy highly-robust computing systems, there would still be
threats from unexpected interactions and failures, and from users with
privileged access but with improper training and/or untoward motives. We need
to have reliable tools and methods for investigation when an untoward event
occurs, both to fix any collateral damage and to identify the causes. We also
need to support a credible deterrent based on the threat of discovery and
action ranging from administrative discipline to legal proceedings. Underlying
all of that, we need a sound scientific foundation so that we have confidence
in our results to identify the real causes and not to mistakenly accuse any
innocent parties. The science, technology and practice that encompass all of
these concepts for cyber crime investigation are generally known as Digital
Forensics. To date, this emerging field of digital forensics has been plagued
by a lack of fundamental research and theory, ad hoc and independent tool
development, and few formal standards.
There are several technical challenges that must be addressed in digital forensics. Many of them relate to establishing a sound scientific foundation and developing practical techniques for investigating cyber crimes. This tutorial is designed to introduce essential digital forensics concepts, lay out the technological challenges and important research problems, and describe how the research community is addressing them. We will explore the issues associated with both computer forensics and network forensics and, at the end, discuss a few important open problems in the field. We hope this tutorial will introduce digital forensics to a wider community of security researchers and practitioners and attract more attention and interest from it. We also hope to motivate more young students to work in this field, and to seek out scientists, engineers, practitioners, educators, and others with insight into and understanding of the technical and social challenges of digital forensics, to help shape the research agenda over the next one or two decades.
The intended audience includes students and faculty in universities interested
in study and research in digital forensics, law enforcement practitioners,
industry researchers and developers interested in research and development of
digital forensic products, systems, and applications. Basic operating systems
and networking knowledge is assumed.
Dr. Yong Guan is currently an Assistant Professor in the Department of
Electrical and Computer Engineering at Iowa State University. He is affiliated
with the U.S. DoE Ames Lab's Midwest Forensics Resource Center and the Iowa
State University's NSA-designated Information Assurance Center. He received his
BS (1990) and MS (1996) in Computer Science from Peking University, China, and
his PhD (2002) in Computer Science from Texas A&M University. His research
interests are computer networks and distributed systems, with focuses on
security issues, including computer and network forensics, wireless and sensor
network security, and privacy-enhancing technologies for the Internet. He
co-chaired the Computer and Network Forensics Research Workshop (CNFR 2005),
which was held in conjunction with IEEE SecureComm 2005. He received the best
student paper award from the IEEE National Aerospace and Electronics Conference
in 1998 and won second place in the graduate category of the International ACM
Student Research Contest in 2002. He is a member of ACM and IEEE, and a member of IFIP
TC-11 WG 11.9: Digital Forensics.
For more information, please visit his web page: http://www.eng.iastate.edu/~guan.
We will present the Xen Worlds project, an effort to create a
versatile "virtual lab" in which each student can be given
root access to their own network of virtual machines (a Xen World),
with the Xen World accessible 24/7 via SSH. This
approach makes it possible for students to turn in a single virtual
machine, or their entire network, as the finished product, and allows
grading to occur directly on those machines instead of on a
few selected artifacts such as configuration files, programs or outputs.
In addition to providing the virtual lab environment, the Xen Worlds
project is tailored to the requirements and phases of the assignment
life-cycle, ensuring ease of use for both the instructor and students.
Xen Worlds is relatively inexpensive to implement, with no software costs, due to the use of open source software, and low hardware costs, due to the efficiency of the Xen virtual machine monitor. The entire cost of our Xen Worlds cluster is under US$7,000 and, with Fedora as the virtual machine OS, allows over 300 VMs to be run simultaneously. However, it is also possible to implement a smaller-scale solution, as a single desktop computer could potentially run 30 to 50 virtual machines simultaneously.
The tutorial will introduce and discuss the general aspects of the Xen Worlds
project, but will focus on the increased possibilities for assignments, and the
ease of use for both the instructor and students. Specifically, the tutorial
To illustrate these points, the tutorial will focus on a simple assignment that can be given to introduce students to the Xen Worlds environment. This will include a demonstration of the design, configuration and creation of the Xen Worlds, and a demonstration of the interfaces used to access the Xen Worlds environment.
This tutorial is aimed at educators interested in expanding the diversity of assignments that can be given, and researchers interested in creating virtual networks consisting of fully functional virtual machines. A familiarity with a Linux environment is assumed, but no in-depth knowledge of the operating system is required. Educators and researchers from diverse areas should find something to take away from this tutorial.
The most important benefit that attendees will gain from this tutorial is the exposure to a new environment that can immediately be used for academic and research purposes, with minimal implementation and administration costs.
Dr. Thomas E. Daniels is an Assistant Professor in the
Department of Electrical and Computer Engineering at Iowa State
University in Ames, Iowa. Tom received his Doctorate in Computer
Science from Purdue University under the advisement of Eugene
H. Spafford. He did his graduate work at Purdue, initially in the
Computer Operations, Audit, and Security Technology (COAST) Lab and
then in the Center for Education and Research in Information Assurance
and Security (CERIAS). More information is available at:
Benjamin Anderson is a Ph.D. student in Computer Engineering at Iowa State University studying under Dr. Tom Daniels. Ben received his B.Sc. in Computer Science from Iowa State University in 2000, and worked at Motorola, Inc. as a Senior Software Engineer until returning to Iowa State in 2003 to begin his graduate studies. Ben's research interests are in the areas of intelligent attack agents and educational applications of virtualization.
Storage systems have undergone a tremendous evolution over recent
years. Today, storage space is typically provided by complex
networked systems, in which clients communicate with storage servers
over a network. In the near future, networked storage systems will
extend beyond the server room, and their security will become a prime
concern. Most data storage systems will soon rely on cryptographic
protection methods as a key technology.
Protecting "data at rest" in storage systems poses new challenges compared to protecting "data in flight", which has been the focus of communication security for some time and is well understood today. One notable difference between these two problems is that a communication channel typically uses a streaming interface with FIFO characteristic, whereas a storage system must provide random access to small portions of the stored data. New techniques are needed for providing security in this context, in particular for protecting the integrity of stored data efficiently and for key management.
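The random-access requirement described above is what rules out a single stream MAC over the whole store. The following toy block store, an added example and not material from the tutorial, authenticates each fixed-size block separately with an HMAC that also covers the block's index: reading or rewriting one block touches only that block, and a block that the storage server returns at a different position than it was written fails verification. The key, block size and sample data are constructed for the demo.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 16   # tiny for the demo; real storage systems use 4 KiB or larger blocks


def block_tag(key: bytes, index: int, block: bytes) -> bytes:
    """HMAC-SHA256 over (block index || block contents).

    Binding the index into the tag means a block that is moved or swapped
    to another position carries a tag that no longer verifies there.
    """
    return hmac.new(key, struct.pack(">Q", index) + block, hashlib.sha256).digest()


class BlockStore:
    """Toy random-access store: a list of (block, tag) pairs kept in memory."""

    def __init__(self, key: bytes, data: bytes):
        self.key = key
        self.blocks = []
        for off in range(0, len(data), BLOCK_SIZE):
            blk = data[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            self.blocks.append((blk, block_tag(key, len(self.blocks), blk)))

    def read(self, index: int) -> bytes:
        """Random-access read: only this block and its own tag are examined."""
        blk, tag = self.blocks[index]
        if not hmac.compare_digest(tag, block_tag(self.key, index, blk)):
            raise ValueError(f"integrity failure at block {index}")
        return blk

    def write(self, index: int, blk: bytes) -> None:
        """Random-access write: re-authenticates one block, not the whole store."""
        assert len(blk) == BLOCK_SIZE
        self.blocks[index] = (blk, block_tag(self.key, index, blk))

    def swap_detected(self, i: int, j: int) -> bool:
        """Exchange two stored blocks (as a misbehaving server might) and check."""
        self.blocks[i], self.blocks[j] = self.blocks[j], self.blocks[i]
        try:
            self.read(i)
            self.read(j)
            return False
        except ValueError:
            return True


if __name__ == "__main__":
    store = BlockStore(b"\x11" * 32, bytes(range(48)))   # constructed key and data
    print(store.read(1).hex())
    print("swap detected:", store.swap_detected(0, 2))
```

Per-block tags of this kind do not detect rollback of a block to an earlier version that carried a valid tag; that needs a version counter or a hash tree over the tags, which is one of the key-management and integrity problems the tutorial addresses.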
Methods for cryptographic storage protection have been investigated for some time already, and some, such as hard-disk and whole-file-system encryption, are available in practice. Concerns about the overhead involved have so far prevented their pervasive use in distributed storage systems. But recently introduced privacy regulations mandate encryption for certain environments, which explains why the industry is actively working on strong cryptographic protection methods for data storage systems.
Topics of the tutorial:
Background material for this tutorial (see http://www.zurich.ibm.com/~cca/):
Christian Cachin graduated with a diploma in Computer Science
from ETH Zurich (1993) and obtained his Ph.D. in Computer Science from
ETH Zurich in 1997. From 1997 to 1998 he was a postdoctoral researcher
at the MIT Laboratory for Computer Science, with Prof. Ron Rivest, one
of the inventors of public-key cryptography. He has been a Research
Staff Member at IBM Zurich Research Lab since 1998, where he was
involved in a number of projects in security and distributed systems.
He has authored many publications in the areas of cryptology and distributed systems, holds several patents on secure protocols and cryptographic algorithms, and has been a frequent member of program committees of technical conferences. He is a Director of the International Association for Cryptologic Research (IACR). Together with Jan Camenisch he was program chair and organized Eurocrypt 2004. His current research interests are cryptography, network security, fault tolerance and distributed systems.