Stopping Hackers in Their Tracks
Kathy Wang
July 2006
Kathy Wang has never been one to shrink from a challenge. She began
studying classical piano at age seven, persevering in her dedication
to music for many years in spite of a childhood illness that left
her with mild hearing loss. And she was only nine when she first
dabbled in software, learning programming on her Apple IIGS computer.
Wang went on to earn two degrees in electrical engineering and
started off her career designing chips at Digital Equipment Corporation.
While she enjoyed hardware engineering, she wanted to learn more
about the world of software. The emerging field of computer security
engineering offered a tantalizing opportunity to make a splash by
solving the evolving riddles of computer hacking. "I've always dreamed
about making a significant contribution to the field I'm working
in," she says. "It's possible for one or two people working on a
new concept in software to come up with a killer application."
Today Wang is a leading researcher in the field of computer security
engineering. As a senior scientist and information security engineer
at MITRE, she is at the forefront of the effort to develop new Internet
security tools called "honeyclients."
Honeyclients are programs that monitor high-traffic Internet servers
to identify malicious programs targeting vulnerable Internet or
e-mail servers. This enables website administrators to fix the vulnerabilities
before they escalate into full-scale security disasters. What's
more, honeyclients collect critical data about the malicious programs,
helping site administrators to design new and improved defenses.
A Work in Progress
The design process for honeyclients is always a work in progress,
since they take aim at moving targets—the ever-changing obstacles
presented by hackers. But it's just the kind of detailed, precise
work that Wang thrives on.
"The potential impact of the honeyclient is huge, because the potential
for damage from client-side exploits is so significant," she explains.
For the government and the commercial world, much is at stake in
the fight against malicious online activity. Productivity evaporates
when hacker attacks bring networks down, and data security may be
compromised as well. A major attack of this kind is not only possible,
but likely, and what inspires Wang's work is the ongoing question
of how best to respond.
Wang and her team estimate that a hypothetical client-side attack
designed to exploit vulnerabilities in a widely used Web server
and then spread to other vulnerable applications could affect 80
percent of such applications in the world within only 10 minutes.
While lower-traffic sites have been targeted, an actual large-scale
attack such as this hasn't happened—yet. Wang's research aims
to help computer security experts prepare for the big one.
"We still don't understand enough about these kinds of exploits,"
she says. "The best way to defeat these attackers is to learn as
much as we can about how they operate."
A Community Effort
The goal of MITRE's honeyclient project is to produce a reliable
tool that can thwart such an attack before it begins. Few such tools
exist in the Internet security space today, although Microsoft Corp.
and others are at work on similar concepts. But Wang's project is
the only existing open source honeyclient—a fact of which
she is proud.
"I've always been a big supporter of open source software," she
notes. "I'm envisioning a community effort, where government, academia,
and industry come together to address the issue of client-side exploits."
Eventually she and her team hope to convene a task force of security
experts to collaborate on honeyclient development.
Wang's interest in the topic runs so deep that she has a hard time
leaving it at the office. Much of her free time these days is taken
up with open source-related work. She runs a website dedicated to
computer security issues and is also one of the founders of a computer
security research group called Syn Ack Labs. On top of all this,
she writes a blog that's a mixed bag of musings on computer security
issues, book and movie reviews, anime, gourmet food, and a guide
for tea connoisseurs.
But lately, blogging has taken a back seat to her increasingly
frequent lectures on honeyclient development. Wang can often be
found at Internet security forums all over the world, such as the
DEFCON hacker conference, the Australian Computer Emergency Response
Team (AusCERT) event, the U.S. Computer Emergency Readiness Team's
GFIRST conference, and the RECon computer security conference. It's
a hectic schedule, but a fulfilling one, she says.
"It's really neat when your day job and your evening and weekend
hobby converge," she says. "And at MITRE, there's always a new challenge."
—by Maria S. Lee