 |
Center for Nonlinear Studies |
As the Internet grew throughout the 2000s, our ability to understand such a decentralized collection of independent nodes and networks degraded correspondingly. Technological barriers and its sheer scale prevented us from measuring, quantifying, and comprehending such an expansive ecosystem. This lack of insight was especially detrimental when it came to evaluating the Internet's security and privacy aspects and how those aspects impacted end-users. Fortunately, more recent advances in research tools and techniques have provided us with the ability to conduct Internet-scale measurements and search for as well as evaluate the potential impact of various weaknesses. With this ability, we are able to not only quantify many aspects of real-world deployments but also to reason about security and privacy more holistically and at the true scale of the Internet. In this talk, we will look at recent Internet-scale security research and how it has changed our understanding of security at the scale of the Internet as well as our efforts to defend it and its users' security and privacy. In addition to quantifying well-known and well-understood weaknesses, Internet-scale measurement and analysis also allows us to explore and evaluate so-called "asymmetric vulnerabilities" which may be undetectable or impractical to exploit at smaller scales. Although the exploitation of these types of vulnerabilities is often infeasible from a conventional attacker's perspective, there exists a small but powerful class of well-resourced and highly-privileged actors for whom their requirements and potential impacts are ideally suited. By leveraging this newfound understanding, we are able to take steps to strengthen the Internet's fundamental security and privacy properties against these more-capable attackers while simultaneously building defenses against future exploitation by conventional actors.
Host: Christopher Rawlings