Dissertation Defense

Leveraging the Cloud for Software Security Services

Jonathan Oberheide

This thesis seeks to leverage the network cloud to provide improved protection
against modern security threats, allowing for dramatic improvements and
asymmetric gains beyond what is possible with current approaches and architectures.
Indeed, many of the critical security problems facing the Internet and its users
are inadequately addressed by current security technologies. Current security
measures often are deployed in an ad-hoc or host-based model, limiting their
efficacy against modern malicious threats. However, advancements over the
past decade in cloud computing and high-speed networking
have ushered in a new era of software services. Software services that were
previously deployed on-premise in organizations and enterprises are now being
outsourced to the cloud, leading to fundamentally new models in how software
services are sold, consumed, and managed.

This thesis focuses on how novel software security services can be deployed
that leverage the cloud to scale elegantly in terms of their
capabilities, performance, and management. First, a method of performing
detection of malicious software in the cloud to protect end hosts is presented.
That method is also adapted to provide protection to mobile devices, an
ever-increasing target for malicious attackers. Next, the benefits of applying
cloud-oriented architectures to malware analysis are explored.
A method for large-scale classification of malicious software is presented, as
well as a method of evaluating the efficacy of antivirus evasion techniques, to
emphasize that the benefits of the cloud can be leveraged by both legitimate and
malicious parties. Lastly, to demonstrate the benefits of cloud-oriented
architectures in other security services outside the realm of malicious software,
we present a method for robustly computing cryptographic signatures across an
end host, mobile device, and cloud service.

Thesis Statement: By leveraging properties inherent to the network
cloud, it is possible to design new classes of security services that offer
improved detection of malicious threats, perform large-scale classification
and analysis, and enable deployment of novel security technologies that
scale elegantly in terms of capabilities, performance, and management.

Sponsored by

Farnam Jahanian