12:45PM, Thursday, October 13th 2005.
Gates 104

Principles of Reactive Worm Defense

Nicholas Weaver
ICSI, Berkeley

About the talk:
Worms, self-propagating malicious code, have spread worldwide in less than 10 minutes and could potentially be even faster, with plausible global reach in under 2 seconds.  Due to their extreme speed, any reactive defense needs to be purely automatic.
But what principles might underlie such defenses?  We begin with a notion from the military community, the OODA loop, as a method of describing how adversaries work.  We simplify this formulation to describe automatic OODA loops, which naturally encompass Detection, Analysis, Response, and Collaboration.
The time scales involved in communication are often the limiting factor, so we explore time scales for worm propagation and different collaboration strategies.  We also explore two basic response strategies, containment and blocking, and how they interact with collaboration.

Finally, we put everything together to try to describe concepts for defending a monoculture P2P network, arguably the most vulnerable ecology, from a fast-spreading worm.

About the speaker:
Nicholas Weaver is a researcher at ICSI in Berkeley.