GEEKOUT: Cyber Security with Brendan Saltaformaggio



Additional content from Brendan Saltaformaggio on Cyber Security and the incredible work being done at Georgia Tech.


[analog radio tuner scanning stations]
[big band swing rendition of Ramblin' Wreck from Georgia Tech]
[interposed voices of Steve McLaughlin] ...sounds incredibly sounds have abilities that span...I'm really geeking out here.
[applause and laugh track]
[big band swing rendition of Ramblin' Wreck from Georgia Tech]

Steve McLaughlin: Say a little bit more about the kinds of students that are in your lab, because I think many of the listeners are Georgia Tech engineers, or maybe even some high school students thinking about studying engineering. What kinds of tools or experience or background do your students have, and what's a typical kind of activity for the students in your group?

Brendan Saltaformaggio: So my group, we work with a range of students, everything from first-, second-year undergraduates who have an interest in cybersecurity all the way up to, you know, the most advanced Ph.D. students that I have who are leading and proposing new projects. The normal skill set that I'd be looking for is definitely an interest in protecting devices or investigating devices. Someone who's, you know, really interested in tearing down these kind of complex systems and seeing what kind of evidence exists within them.

In general, this is someone with a computer science or computer engineering background, generally would know how to program or be interested in data analytics maybe even some machine learning. We have done a little bit of that in my lab as well. But really anyone with a curiosity for cybersecurity is welcome to join.

Steve McLaughlin: And so I know a little bit. There was a day when I wrote a lot of computer code, but I know that some of our listeners have thought about coding or maybe even done some coding themselves, but probably at a small scale. You know, some of these programs that you're talking about are thousands, hundreds of thousands, of lines of code long. And so can you say how you detect the malware, because you don't have a human going in and looking line by line for the good lines of code and the bad lines of code? Can you say a little bit more about that for folks that maybe know a little bit about coding and have done some coding? How do you detect the malware?

Brendan Saltaformaggio: So that's actually one of the hardest parts of doing our research in a cybersecurity research group; you have these very large complex applications and you have to now figure out the little, tiny kernels of it that might be malicious or at least might be suspicious and warrant looking at. One of the ways we do this is we look at the good behavior of an application. So say, you definitely want your camera application to take pictures for you; that's a good behavior. But you don't want your camera application to then send those pictures out over the internet to someone else. And if we can run this camera application enough and we can figure out all the different executions that it can do, sometimes we will see it sending these pictures out over the internet and we can isolate the code that's doing this malicious behavior.

Steve McLaughlin: And so then in cases like that, you would need a human to try to define, you know, unacceptable behavior for a particular application, but then you translate that into some automatic way of detecting that. Is that kind of how you do it?

Brendan Saltaformaggio: You would be surprised. I have some brilliant Ph.D. students that can get very creative. So I’ll give you an example: When you download an application, there's always a little blurb about what exactly that application does. Now that blurb says this application takes pictures and takes pictures only. Maybe I can automatically figure out what the app is supposed to be doing, and then identify things that are not described in that blurb. For example, maybe your application takes pictures but is requesting permission to the internet. Why would an application that only takes pictures request permission for the internet? And in these sorts of cases we can automatically figure out what the good behavior is and what the bad behavior might be.

Steve McLaughlin: Are you thinking about the malware detection research that you're doing—are you thinking about commercializing that technology?

Brendan Saltaformaggio: I'm very glad to be at Georgia Tech. There's a huge infrastructure here to support startup companies by Ph.D. students or master’s students or even very bright senior undergraduates that come up with these brilliant ideas. And in my lab, I'm always supporting any of my students that want to spin off some of these great malware detection or cyber forensics techniques into a little startup company or even seek other entrepreneurial opportunities. For so many years now, these companies have just been growing and growing and growing, and they've been trying to develop new applications and new tools that are going to make consumers happy, that people are going to be interested in, that people are going to pay money for, without much concern for privacy being built in from the ground up. And so now you're seeing situations where companies find themselves sitting on huge stockpiles of personal information that people have shared with them because of how useful their products are; Facebook is a great example. Google is a great example.

But now that we're seeing problems arise with access to this personal information, companies are having to go back and rethink how they protect users’ information that they've been storing all this time. One of the best ways we've seen recently is companies just being more transparent, being able to tell you all the information that they know about you and then allow you to give them feedback— “Yes, I want you to know this about me.” “No, perhaps you should delete this from your database.” And this is a great way to give control of that personal data back to consumers and back to the users of these products.

That and, yeah, what an alley-oop to ransomware, right?

[Ramblin' Wreck from Georgia Tech marching band rendition]