Colloquium: Improving Security at an Internet Scale: A Data-Driven Approach

The state of security across the Internet is poor, and it has been so for years. Meanwhile, attacks have become ever more frequent and consequential. How do we actually make meaningful progress? To do so, we must move beyond the folklore that heavily influences Internet security practices today, and establish 1) empirical grounding on how and why security problems manifest the way they do across the Internet, and 2) data-driven methods for improving security at an Internet scale. 

In this talk, I will describe my evidence-based and holistic approach to security, illustrated by my work on improving how we remedy security problems (vulnerabilities, misconfigurations, and compromise incidents) for Internet systems. Using a variety of empirical methods, including Internet-wide network measurements, user studies, machine learning, and code analysis, my research systematically identifies how security is managed for Internet systems, factors that contribute to continued vulnerability, and barriers that prohibit the effective remediation of security concerns. Informed by insights from this work, I develop methods and systems for more effective remediation at an Internet scale. 

Coffee and cookies will be available.