Students launching computer 'attacks' to bolster information security

Students at SUNY Oswego and two other colleges will launch computer attacks in a virtual environment in a project designed to improve information security in the real world.

SUNY Oswego, Iowa State and Oberlin College are collaborating to create and test a virtual security platform, and impart resulting lessons to other colleges, under a National Science Foundation Institutional Development grant.

Oswego will receive $60,000 of the funding over a two-year period mainly to pay students to develop and test the platform and lessons, said James Early, who is coordinating Oswego’s part of the project.

The project involves scalable virtual machine laboratory systems—virtual systems and computers recreated within an actual computer—and exercises where students attack and defend those systems.

“Once we develop these virtual machines and virtual networks, we can launch attacks on them,” said Early, an assistant professor of computer science. “We can use this virtual lab and platform to see how machines can attack one another, how computers can be affected, how to mitigate attacks. While this would damage real networks and computers, at the end of the exercise, we can press a button and everything will be like they were before.”

The work aims to stem such dangerous invasions as spyware that can lead to identity theft, as well as more common viruses, worms and denial of service attacks.

“Unfortunately, attackers have figured out a way to do these things. What we’re trying to do is stay one step ahead of them,” said Early, who is developing Oswego’s first information security course.

Early compared it to “an arms race” where “we’re constantly trying to figure out where vulnerabilities exist in the system, why they are there, how to mitigate their impact.”

The project also will develop faculty workshops and an information-security curriculum and make them available to colleges everywhere so students entering the computer science field can avoid mistakes and vulnerabilities that endanger networks and users, he said. “Society is putting a lot of trust in us to do it right, and we could do more to be worthy of that trust,” Early added.

The grant will fund workshops at SUNY Oswego to bring in educators from around New York and surrounding states, Early said.

“The platform is one we want to make freely available because every computer science student needs to have some exposure to this,” he noted. The hope is to share the project with other educators and provide course materials as a turnkey system other colleges can use.

Oswego students will become a “barometer of what students can accomplish in a given semester, how we can best organize information to maximize development” of the curriculum, Early said. “We’ll have the more technically advanced students setting up the platform, running programs, planning attacks and planning defense to mitigate attacks.”

That work and the resulting dissemination is “something that’s going to have an important impact beyond the campuses involved,” Early said. “Hundreds, maybe thousands of computer science students across the United States will learn what can happen when steps are not taken, but also how to take preventative steps in the first place.”

- END -

PHOTO CAPTION: Security measures—James Early, right, of SUNY Oswego’s computer science department will coordinate the local part in a three-college project on information security. Students at Iowa State, Oberlin College and Oswego will develop virtual computing systems, then attack and defend them to learn more about vulnerabilities in real networks. Early is shown talking to senior computer science major Ryan Mann in Snygg Hall on campus.

CONTACT: James Early, 312-3195, earlyjp@cs.oswego.edu

(Posted: Oct 15, 2008)
