Dartmouth’s Sergey Bratus is on a mission to protect the Internet from cyber attacks and other criminal enterprises. It’s a big job.
Among his concerns about what he calls the “ubiquitous Internet insecurity” are credit card and identity theft and other misuses of the information highway. “We also hear reports of Internet infringement by repressive regimes targeting computers and smartphones of dissidents and protesters across the world,” says Bratus, a research assistant professor in the Department of Computer Science.
“The moment you connect something to the Internet, there is a very high chance that it will get compromised,” says Bratus. “To close the loopholes that enable this, we need to revisit the fundamentals of how systems are designed.”
While not an advocate of rebuilding the entire Internet from scratch, he wants to give software developers tools with which they can build code that checks messages, data files, and documents to make sure they are legitimate, and discard them if they are not.
“We need to reevaluate certain decisions, in particular those centered around data—how we keep data; how we represent data; how we encode data,” he says.
Bratus traces the current systems vulnerability back to the early days of the Internet and the naiveté of software developers who designed applications and systems loaded with features and capable of future expansion. “The resulting increase in complexity and ambiguity has opened doors to unauthorized entry by individuals and organizations.”
To communicate these issues to fellow software developers, Bratus, his colleagues, and students have embarked on a series of workshop presentations, including the January SCADA (supervisory control and data acquisition) Security Scientific Symposium in Florida. With graduate student Rebecca Shapiro and Julian Bangert ’14, he spoke in December to the Chaos Communications Congress in Hamburg, Germany, and at the USENIX Security Symposium in San Diego, Calif., in August.
Along with pioneering technologists Meredith Patterson and the late Len Sassaman, Bratus is regarded as one of the founders of the scientific approach known as Language-Theoretic Security, named for its application of a formal language theory approach to improving security.
Bratus and Patterson are among the organizers of the upcoming Language-Theoretic Security Workshop at the Institute of Electrical and Electronics Engineers (IEEE) Security and Privacy Symposium in San Jose, Calif.
“We are getting the message out,” says Bratus, “but we are still a voice in the software wilderness.”