Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Using “offensive technologies” to secure networks

Network security researchers to focus on attacks and defense
By Bob Brown , Network World , 05/14/2007

The First Usenix Workshop on Offensive Technologies is coming to Boston on Aug 6. It’s hard to resist an event called WOOT, even though we weren’t quite sure what it was all about. So we shot an e-mail to Tal Garfinkel, a Ph.D graduate student in Stanford University’s computer science department and one of WOOT’s program chairs, and asked him to explain.

What do you mean exactly by “offensive technologies”?

There are many ways to chop up the conceptual space of computer security. One way is by grouping technologies into those required for attack and defense. The primary focus of traditional academic computer security has been defense. Intrusion detection, access control, bug detection/prevention and the like. The primary focus of much of the more "black hat" or "grey hat" communities has been offensive technologies -- techniques for exploiting software weaknesses, reverse engineering, information gathering, evading detection and the like. Interestingly, for any given question in the defensive space -- for example, how do you defend against keyloggers? -- there is a dual in the offensive space, such as: How do you design a better keylogger? By understanding both perspectives, one gets a deeper understanding of computer security, and for many years one side has informed the other.

Many of us have read some of the black hat magazines, read the code of attack tools, and followed the state of the art in attack to inform our view of defense. However, the coverage of that side of the equation has often been spotty. The editorial quality of places like Phrack is quite low, and the lack of peer review means sometimes the veracity of claims being made is questionable. In black hat, for example, the metric for quality often seems to be how much news the hype about your work induces, rather than how original, important or credible your claims are.

Why the need for this separate workshop from the broader Usenix Security Symposium taking place that week in Boston?

While attack technologies have definitely been part of forums like Usenix Security for a while, the bar for publishing new attack work is quite high in terms of novelty and certain topics (such as reverse engineering, malware design, automatic exploit development) are often overlooked entirely. Often there is work that would really be helpful to have in the literature to help researchers understand the state of the art in offensive practice, that simply doesn't fit the model of what we are currently looking for in academic conferences. The absence of this work not only means we have a less than complete literature to draw from, but also tends to exclude many practitioners who have a lot of valuable stuff to contribute to the academic discourse.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comments (9)
Login
Forgot your account info?

How then?By Tricia G on August 22, 2007, 11:06 amSo what are the suggestions for those who aren't computer savey? How does the average person (you know the one that has to get the teenager next door to help w/...

Reply | Read entire comment

Thanks!By Antonio Maa on May 21, 2007, 5:01 pmThanks Neil! Just one more comment ;-) . The situation you describe is not only applicable to security. Unfortunately, it applies to all aspects of computing....

Reply | Read entire comment

Security is in your hands!By Neil Robinson on May 17, 2007, 1:21 pmHi, Antonio, I've followed security trends over the years and it saddens me to see the cynical way the security industry continues to roll-out old technology...

Reply | Read entire comment

Definition of withinBy Tal Garfinkel on May 17, 2007, 12:20 pmBy "within" the permitter I meant, inside, as in not the permitter but beyond. i.e. everything behind the firewall.

Reply | Read entire comment

Interesting. I share your opinion!By Antonio Maa on May 17, 2007, 11:21 amHi Neil, Thanks for the link. Very interesting indeed. Essentially, my first message was about agreeing with your comment, while not really understanding the...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.

Whitepapers

Advancing the Economics of Networking

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...

Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices

This paper reviews the problem of creating a network where the dynamic availability of services is...

Enterprise Data Center Network Reference Architecture

Using a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

Webcasts

PoE Plus: Impact on the PoE Market

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...

Harnessing the power of communications to increase workplace performance

Due to the convergence of IT and telecommunications technologies, the business workplace has been...

Stay out of the headlines: Detecting and preventing network intrusions

How do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

Special Reports

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

IP address management in 2008 - six things to know

Read this Network World Special Brief to learn how Enterprise IT managers must update their...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...