{"610376":{"#nid":"610376","#data":{"type":"news","title":"School of Computer Science Researchers Make Investigating Multi-host Attacks Easier","body":[{"value":"\u003Cp\u003ERTAG, a new tool created by School of Computer Science researchers, makes investigating cyberattacks across multiple computers on a network more efficient by reducing attack analysis times by as much as 90 percent.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EMany cyberattacks are investigated using dynamic taint analysis. This approach monitors how data flows through a system by labeling inputs and tracking them as the software processes them. Yet taint analysis normally uses considerable time and memory, making it a slow and expensive method. It can also track data on only one computer (or host) in the network, making a large-scale attack hard to follow.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ERTAG, however, makes the attack analysis independent, so each investigation can be performed in parallel. It also distributes tags according to the size of the problem, optimizing memory.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ERTAG deploys three methods to make investigations more efficient:\u003C\/p\u003E\r\n\r\n\u003Cp\u003E1.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003Cstrong\u003ERecord-replay\u003C\/strong\u003E separates dynamic taint analysis from execution runtime, which allows the system to work more efficiently. Because the analysis and tag-resolving processes are not entirely synchronized, they can be performed in parallel.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E2.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003Cstrong\u003ESyscall-level provenance\u003C\/strong\u003E simplifies the workload of dynamic taint analysis. 
It also guides tag allocation in a more efficient way.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E3.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003Cstrong\u003EEmbedded tags\u003C\/strong\u003E allow the tag to move from one host to another, enabling the investigation to take place on more than one computer and shortening the workload.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;RTAG is an important cornerstone technique for enabling practical investigation on multi-host attacks, which are more prevalent these days,\u0026rdquo; said Ph.D. student \u003Ca href=\u0022https:\/\/sites.google.com\/site\/yangji\/\u0022\u003E\u003Cstrong\u003EYang Ji\u003C\/strong\u003E\u003C\/a\u003E.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ERTAG decreases memory consumption by up to 90 percent and reduces overall analysis time by 60 to 90 percent compared to previous investigation systems.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ERTAG is part of a $4.5 million Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL) project called \u003Ca href=\u0022https:\/\/www.news.gatech.edu\/2015\/07\/30\/georgia-tech-receives-42-million-military-research-better-secure-data-transfer\u0022\u003ETHEIA\u003C\/a\u003E. The objective is to improve how data is tracked between computers, internet hosts, and browsers for optimized cybersecurity.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe researchers presented this result at \u003Ca href=\u0022https:\/\/www.usenix.org\/conference\/usenixsecurity18#about\u0022\u003EUSENIX\u003C\/a\u003E in the paper \u003Ca href=\u0022https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/jia-yang\u0022 target=\u0022_blank\u0022\u003E\u003Cem\u003EEnabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking\u003C\/em\u003E\u003C\/a\u003E by SCS Ph.D. 
students Ji,\u0026nbsp;\u003Cstrong\u003E\u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/~mfazzini\/\u0022\u003EMattia Fazzini\u003C\/a\u003E\u003C\/strong\u003E,\u0026nbsp;\u003Cstrong\u003E\u003Ca href=\u0022https:\/\/www.linkedin.com\/in\/joey-allen-0802a299\/\u0022\u003EJoey Allen\u003C\/a\u003E\u003C\/strong\u003E,\u0026nbsp;and \u003Cstrong\u003E\u003Ca href=\u0022https:\/\/www.scs.gatech.edu\/content\/evan-downing\u0022\u003EEvan Downing\u003C\/a\u003E\u003C\/strong\u003E; postdoctoral fellow \u003Cstrong\u003E\u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/~slee3036\/\u0022\u003ESangho Lee\u003C\/a\u003E\u003C\/strong\u003E; and Assistant Professor\u0026nbsp;\u003Cstrong\u003E\u003Ca href=\u0022http:\/\/cyber.gatech.edu\/taesoo-kim\u0022\u003ETaesoo Kim\u003C\/a\u003E\u003C\/strong\u003E, Professor\u0026nbsp;\u003Cstrong\u003E\u003Ca href=\u0022http:\/\/cyber.gatech.edu\/alessandro-orso\u0022\u003EAlessandro Orso\u003C\/a\u003E\u003C\/strong\u003E, and Professor\u0026nbsp;\u003Cstrong\u003E\u003Ca href=\u0022http:\/\/cyber.gatech.edu\/wenke-lee\u0022\u003EWenke Lee\u003C\/a\u003E\u003C\/strong\u003E.\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"RTAG makes dynamic taint analysis more efficient. 
"}],"uid":"34541","created_gmt":"2018-08-27 14:19:31","changed_gmt":"2018-08-27 14:45:11","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2018-08-27T00:00:00-04:00","iso_date":"2018-08-27T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"610377":{"id":"610377","type":"image","title":"RTAG image","body":null,"created":"1535381061","gmt_created":"2018-08-27 14:44:21","changed":"1535381061","gmt_changed":"2018-08-27 14:44:21","alt":"magnifying glass","file":{"fid":"232428","name":"images.jpg","image_path":"\/sites\/default\/files\/images\/images_1.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/images_1.jpg","mime":"image\/jpeg","size":7137,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/images_1.jpg?itok=t9krISA9"}}},"media_ids":["610377"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer Science"}],"categories":[],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["tess.malone@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}