Vern Paxson Honored for Best Paper at USENIX Security Symposium
February 6, 1998
Vern Paxson of the Network Research Group was honored for presenting the best paper at the 7th USENIX Security Symposium held January 26-29, 1998, in San Antonio, Texas. In his paper entitled “Bro: A System for Detecting Network Intruders in Real-Time,” Vern described the stand-alone system he set up to monitor network traffic into the Lab as a means of stopping security breaches. Because of the sensitive nature of Internet security and the desire of security system providers to protect their products, Vern said there is little information in the open literature about such monitoring systems. Especially sensitive is any discussion of flaws in the security systems. As Vern designed the Lab’s security monitor, he sought out the flaws and corrected for them. “If you know the flaws, you can evade the system,” he said. “It takes an extra level of deviousness to look for these flaws, and I was pretty devious in my thinking as I put our system together.”
The Lab’s system, called “Bro” in a reference to George Orwell’s ever-watching Big Brother, is a layered system that seeks out certain types of network traffic. The first layer is a general packet filter, which decides which data packets should be examined. The second layer is an “event engine,” which takes the first-level packets and pieces them together into “events,” such as the beginning or end of a connection. The next layer looks for application-level events, such as FTP (file transfer protocol) activity or a search for a user name. Above that is a policy layer, which has special scripts that are invoked for certain events. Should the various layers detect information amounting to an attempted security breach, the system notifies computer security people in real time.
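To make the layered design concrete, here is a small Python illustration of the same structure: a packet filter that selects traffic worth examining, an event engine that reassembles packets into connection-level and application-level events, and a policy layer whose handlers are invoked per event and raise notices. This is example code added for this article, not Bro's own source; the packet records, the watched ports (21 and 23), the scan threshold and the "sensitive user" list are all constructed assumptions for the demonstration. The event engine deliberately buffers until a full CRLF-terminated line has arrived, so an FTP command split across two packets is still seen whole.

```python
"""Toy layered network monitor (added example, not Bro's code)."""
from collections import defaultdict
from dataclasses import dataclass

WATCHED_PORTS = {21, 23}    # assumption: only FTP and telnet servers are of interest
SCAN_THRESHOLD = 3          # assumption: distinct hosts one source may contact before a notice
SENSITIVE_USERS = {"root"}  # assumption: FTP login names that always warrant a notice


# Layer 1: packet filter - decide which packets deserve further examination.
def packet_filter(packets):
    for p in packets:
        if p["proto"] == "tcp" and p["dport"] in WATCHED_PORTS:
            yield p


@dataclass
class Connection:
    src: str
    dst: str
    dport: int
    buf: bytes = b""   # client-to-server bytes not yet consumed as a complete line


# Layer 2: event engine - turn packets into connection and application events.
def event_engine(packets):
    conns = {}
    for p in packets:
        key = (p["src"], p["dst"], p["sport"], p["dport"])
        if "SYN" in p["flags"] and key not in conns:
            conns[key] = Connection(p["src"], p["dst"], p["dport"])
            yield ("connection_attempt", conns[key])
        conn = conns.get(key)
        if conn is None:
            continue   # no SYN seen for this flow; the toy ignores mid-stream pickup
        if p["data"]:
            conn.buf += p["data"]
            # Application level: a command line may span packets, so an event is
            # emitted only once a complete CRLF-terminated line has been buffered.
            while b"\r\n" in conn.buf:
                line, conn.buf = conn.buf.split(b"\r\n", 1)
                if conn.dport == 21:
                    yield ("ftp_command", conn, line.decode("ascii", errors="replace"))
        if "FIN" in p["flags"]:
            yield ("connection_finished", conns.pop(key))


# Layer 3: policy - handlers (the "scripts") invoked for particular events.
class Policy:
    def __init__(self):
        self.hosts_by_source = defaultdict(set)
        self.handlers = {
            "connection_attempt": self.on_connection_attempt,
            "ftp_command": self.on_ftp_command,
        }

    def on_connection_attempt(self, conn):
        seen = self.hosts_by_source[conn.src]
        seen.add(conn.dst)
        if len(seen) == SCAN_THRESHOLD:
            return [f"possible scan: {conn.src} contacted {SCAN_THRESHOLD} hosts"]
        return []

    def on_ftp_command(self, conn, line):
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER" and arg in SENSITIVE_USERS:
            return [f"FTP login as {arg} attempted from {conn.src} to {conn.dst}"]
        return []


def run_monitor(packets):
    """Drive all three layers over a packet sequence; return the notices raised."""
    policy = Policy()
    notices = []
    for event in event_engine(packet_filter(packets)):
        handler = policy.handlers.get(event[0])
        if handler is not None:
            notices.extend(handler(*event[1:]))
    return notices


def pkt(src, dst, sport, dport, flags=(), data=b"", proto="tcp"):
    return {"proto": proto, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "flags": set(flags), "data": data}


# Constructed sample traffic: one FTP session whose USER line is split across two
# packets, a DNS packet and a web connection the filter discards, and two further
# telnet connection attempts from the same source to other hosts.
SAMPLE_PACKETS = [
    pkt("10.0.0.5", "10.0.1.1", 40000, 21, {"SYN"}),
    pkt("10.0.0.5", "10.0.1.1", 40001, 53, data=b"dns", proto="udp"),
    pkt("10.0.0.5", "10.0.1.1", 40000, 21, {"ACK"}, b"USER ro"),
    pkt("10.0.0.5", "10.0.1.1", 40000, 21, {"ACK"}, b"ot\r\nPASS x\r\n"),
    pkt("10.0.0.5", "10.0.1.1", 40000, 21, {"FIN"}),
    pkt("10.0.0.5", "10.0.1.2", 40002, 23, {"SYN"}),
    pkt("10.0.0.5", "10.0.1.3", 40003, 23, {"SYN"}),
    pkt("10.0.0.5", "10.0.1.1", 40004, 80, {"SYN"}),
]

if __name__ == "__main__":
    for notice in run_monitor(SAMPLE_PACKETS):
        print(notice)
```

Running it prints two notices: the FTP login attempt as root (reassembled from the split "USER ro" / "ot" packets) and the possible-scan notice once the source has contacted three distinct hosts; the UDP and port-80 packets never reach the event engine because the first layer discards them.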
Bro has been running continuously, monitoring network traffic at the Lab since April 1996. In that time, it has detected 85 formal security incidents, some of which have resulted in law enforcement action. When such incidents are found, the Lab also notifies DOE’s Computer Incident Advisory Center (CIAC) at Lawrence Livermore and the Computer Emergency Response Team at WHERE for follow-up as appropriate.
Stu Loken, director of the Information and Computing Sciences Division, said “This recognition of Vern’s outstanding work by others in the computer security field again demonstrates the valuable contributions of the Network Research Group. Working behind the scenes in a field that truly benefits all users of the Internet, this group has helped make scientific networking the successful tool that it is today.”
Vern’s paper is on the Web and a link to it can be found at: http://www-nrg.ee.lbl.gov/nrg-papers.html
About Computing Sciences at Berkeley Lab
The Computing Sciences Area at Lawrence Berkeley National Laboratory (Berkeley Lab) provides the computing and networking resources and expertise critical to advancing Department of Energy Office of Science (DOE-SC) research missions: developing new energy sources, improving energy efficiency, developing new materials, and increasing our understanding of ourselves, our world, and our universe. ESnet, the Energy Sciences Network, provides the high-bandwidth, reliable connections that link scientists at 40 DOE research sites to each other and to experimental facilities and supercomputing centers around the country. The National Energy Research Scientific Computing Center (NERSC) powers the discoveries of 7,000-plus scientists at national laboratories and universities. NERSC and ESnet are both Department of Energy Office of Science National User Facilities. The Computational Research Division (CRD) conducts research and development in mathematical modeling and simulation, algorithm design, data storage, management and analysis, computer system architecture and high-performance software implementation.
Berkeley Lab addresses the world's most urgent scientific challenges by advancing sustainable energy, protecting human health, creating new materials, and revealing the origin and fate of the universe. Founded in 1931, Berkeley Lab's scientific expertise has been recognized with 13 Nobel prizes. The University of California manages Berkeley Lab for the DOE’s Office of Science. The DOE Office of Science is the United States' single largest supporter of basic research in the physical sciences and is working to address some of the most pressing challenges of our time. For more information, please visit science.energy.gov.