[Seminar] Automatic intrusion recovery with system-wide history
Georgia Institute of Technology
■ 호스트: 전병곤 교수(x1928, 02-880-1928)
Virtually any computer system can be compromised. New software vulnerabilities are discovered and exploited daily, but even if the software is bug-free, administrators may inadvertently make mistakes in configuring permissions, or unaware users may click on buttons in application installers with little understanding of its consequences. Recovering from those inevitable compromises leads to days and weeks of wasted effort by users or system administrators, yet with no conclusive guarantee that all traces of the attack have been cleaned up. This talk will present our work on automatic intrusion recovery, which aims to restore system integrity by efficiently and precisely detecting and undoing changes made by past intrusions.
Taesoo Kim is an Assistant Professor in Computer Science at Georgia Tech, where he recently joined after finishing his Ph.D. at MIT. He is interested in building a system that has underline principles for why it should be secure. Those principles include the design of a system, analysis of its implementation, and clear separation of trusted components. His thesis work, in particular,focused on detecting and recovering from attacks on computer systems. He has developed tools that would detect intrusion and discover which parts of the operating system could have been affected, allowing a systems administrator to recover from an attack without excessive manual effort. His thesis work has been a foundation of a company, Nerati, where he has co-founded with colleagues during his graduate study. He holds a BS from KAIST (2009), a SM (2011) and a Ph.D. (2014) from MIT, all in CS.