Spyware, viruses, worms, denial-of-service attacks and phishing are some of the problems facing individuals, government and businesses. The increasing complexity of modern software and the free-flow of data across networked applications, plus the constant evolution of attack mechanisms, means that new strategies and technologies are needed.
Dr. Paul C. Van Oorschot , Carleton University
Computer security is a pressing problem for virtually every user of the Internet. Spyware, viruses, worms, denial-of-service attacks and phishing are some of the problems facing individuals, government and businesses. The increasing complexity of modern software and the free-flow of data across networked applications, plus the constant evolution of attack mechanisms, means that new strategies and technologies are needed. In the last year, the project team has made numerous contributions in this area. A technique to prevent attackers from replacing installed programs with malicious versions was developed, as well as practical techniques for using multi-core CPUs to increase reliability and security through redundant program execution. A benchmark for software model checkers was also developed. This is an important technique for automatically finding security flaws in computer programs. Finally, PhD research provided a new theory and algorithms for hiding communications within ordinary network traffic. Such covert channels are used to send stolen sensitive data out of organizations and to remotely control compromised computers. The team’s work in this area is an important advance in developing better defenses against unauthorized communications.