Microsoft Research Connections Blog
Next at Microsoft
Social Media Collective
Windows on Theory
Posted by Rob Knies
Soon after the founding of Microsoft Research Silicon Valley in 2001, its managing director, Roy Levin, began to bring in a series of researchers with extensive backgrounds in security in computing systems.Among those security-focused researchers was Martín Abadi, now a principal researcher at the facility, located in Mountain View, Calif. On Sept. 27, during Microsoft Research Silicon Valley’s event marking the 20th anniversary of Microsoft Research, he delivered one of five technical discussions during the day. Abadi’s was titled, simply, Security, in which he discussed Microsoft Research efforts to provide it.Security goes hand in hand with privacy, and both are critical to Microsoft Research Silicon Valley’s focus on distributed computing. But, as Abadi’s talk made clear, research in this area is far from simple.“One school of thought on security has said that, by and large, we know many mechanisms that could improve security, but that what is lacking is the will to deploy them,” he said. “There is perhaps some truth to this, but it ignores the fact that computing and computing systems are always changing and that so is the nature of attacks. The defenses must evolve, too.”Abadi invoked Butler Lampson’s “gold standard” of security, which includes three basic implementation mechanisms: authentication, authorization, and auditing.One important way to provide authentication, Abadi said, uses cryptographic protocols. This research has a long history, but various attempts exhibit certain subtleties and vulnerabilities, leading to interest in rigorous methods for design and analysis of such protocols. Work at Microsoft Research Cambridge and the Microsoft Research-INRIA Joint Centre has led to tools that enable us to reason about protocol implementation written in languages such as C or F#. Other authentication efforts utilize user names and passwords, IP addresses, browser cookies, and other browser identifiers.Whatever the method, authentication often provides input to the authorization process, which occurs at many levels in systems. Of particular importance is control-flow integrity.“If we cannot restrict the control flow of programs,” Abadi said, “then we cannot guarantee that they do not circumvent checks on which security depends. In fact, many attacks rely on buffer overflows and other low-level vulnerabilities precisely in order to subvert control flow.”Languages such as Java and C# can help, he added, but there is a lot of code not written in those languages. Still, tools such as Sage, from Microsoft Research Redmond, help fix such vulnerabilities.In another approach, pursued at Microsoft Research’s Silicon Valley, Redmond, and Cambridge facilities, instrumentation provides the desired control-flow guarantees. The instrumentation can be inserted by binary rewriting or with the help of compilers.Auditing, the third component of Lampson’s “gold standard,” is particularly useful in services in which authentication and authorization are rather rudimentary. Free email, for instance, is easy to get and use, but this is true both for legitimate users and for attackers, and, in addition, passwords can be stolen. So the challenges are to distinguish legitimate users from attackers and to detect compromised accounts. A recent Microsoft Research Silicon Valley project uses Windows Live Hotmail social graphs to distinguish good accounts from bad.Another Microsoft Research Silicon Valley effort works with Bing to examine how attackers abuse search engines. SearchAudit identifies malicious queries from search-engine logs to enable the analysis and the blocking of attacks.Abadi closed his presentation by noting that during the French revolution, designer Jean-Démosthène Dugourc created a deck of playing cards in which the royal figures—kings, queens, and jacks—were replaced by images reflecting revolutionary concepts such as freedom, equality, and … security.“One does not often think of security as an exciting revolutionary value,” Abadi concluded, “but certainly some degree of security is crucial for many of the revolutionary applications of computing.”Now, as Microsoft Research’s anniversary approaches the home stretch, we head from the coast of the Pacific Ocean to that of the Atlantic.
Photograph attribution: Gallica / Bibliothèque Nationale de France (bnf)