Personal Technical Distinctions - Vijay Varadharajan
In this information age of large-scale, distributed, heterogeneous technologies (ranging from fixed networks to wireless and mobile networks, from fixed distributed applications and services to mobile software and applications, from small devices and sensors to large-scale cluster computing and large-scale distributed databases, and on to ever-growing social networking applications), with each of these technologies spanning multiple platforms and many vendors offering different solutions, and with users ranging from individuals to small and medium enterprises to large corporations and governments, Vijay believes the key role of a technologist is essentially to provide information and services at the right time and in the right place that are trustworthy and dependable, that add value to users and that enhance the quality of their lives.
Experience and Expertise
Vijay's research has been in the area of computing, systems and network security for more than 30 years. An important characteristic of his research is that it has spanned a range of areas in Computer Science, Engineering, Information Systems and Business Applications. In some sense, security technology has acted as a thread that has sewn these many facets of Systems, IT and Engineering together, that is, security in networks, operating systems, distributed systems, wireless and mobile systems, middleware, distributed applications, software design, models and policies, as well as business applications in industry segments such as telecoms, finance, healthcare and e-commerce, together with their deployment and management. Such breadth of expertise and experience is vital in cybersecurity, since the system must be secured as a whole and a system is only as secure as its weakest link.
1981-1984 - Secure PRESTEL Viewdata System: Vijay developed a secure file and communication system that allowed secure transfer of data from an Apple 2e machine over the public switched telephone network, and also enabled storage of data on a British Telecom server as "PRESTEL" pages. PRESTEL was a British Telecom system of the early 1980s for storing data as "web"-like pages; it predates the World Wide Web as well as Minitel in France. Vijay's work was used by the Royal Bank of Scotland to store users' bank statements in encrypted form. In 1982 this was the first secure integrated communication and file storage system of its kind; it used DES encryption together with the Diffie-Hellman public key distribution scheme to make secure PRESTEL pages accessible over public networks. (Part of PhD thesis sponsored by British Telecom Research Labs, U.K.)
1981-1984 - Factorisation Based Trapdoor Cryptographic Systems: During 1981-1984 Vijay developed a theoretical foundation for factorisation-based trapdoor systems using ideal theory. The RSA system, still the best-known factorisation-based trapdoor system, had been published in 1978/79. RSA works in the ring of integers and relies on the difficulty of factoring large integers. The framework Vijay developed is a basis for the design of a class of factorisation-based trapdoor systems, including public key systems over other mathematical structures such as matrix rings, polynomial rings and algebraic number fields, as well as the ring of integers used by RSA. He derived the constraints under which such systems work and, from a practical point of view at the time, suggested the matrix system as a useful one because it could be applied to images. His comprehensive framework remains the most complete piece of work in this area of factorisation trapdoors. (Part of PhD Thesis: Techniques for Securing Computer Communications, sponsored by British Telecom Research Labs, U.K., 1984)
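As an added illustration, not taken from the thesis or from this page, the following Python sketches what a factorisation-based trapdoor looks like over the matrix ring of k x k matrices modulo n = p*q instead of over the integers modulo n, and makes the constraints explicit: the plaintext matrix must be a unit (its determinant invertible mod n), and the exponents must satisfy e*d = 1 modulo L = lcm(|GL_k(Z_p)|, |GL_k(Z_q)|), which is the matrix analogue of lcm(p-1, q-1) in RSA. The primes, the exponent and the sample matrices are toy values chosen for the example; nothing here is the thesis construction itself.

```python
from math import gcd

# Added example: RSA-style trapdoor over the ring of k x k matrices mod n = p*q.
# Toy parameters for illustration only; a real system needs large primes and,
# like textbook RSA, this is deterministic and not semantically secure.


def mat_mul(a, b, n):
    """Product of two k x k matrices with entries reduced mod n."""
    k = len(a)
    return [[sum(a[i][t] * b[t][j] for t in range(k)) % n for j in range(k)]
            for i in range(k)]


def mat_pow(m, exp, n):
    """Square-and-multiply exponentiation of a k x k matrix mod n."""
    k = len(m)
    result = [[int(i == j) for j in range(k)] for i in range(k)]  # identity
    base = [row[:] for row in m]
    while exp:
        if exp & 1:
            result = mat_mul(result, base, n)
        base = mat_mul(base, base, n)
        exp >>= 1
    return result


def det_mod(m, n):
    """Determinant mod n by Laplace expansion (fine for the small k used here)."""
    if len(m) == 1:
        return m[0][0] % n
    total = 0
    for j in range(len(m)):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        total += (-1) ** j * m[0][j] * det_mod(minor, n)
    return total % n


def gl_order(p, k):
    """|GL_k(Z_p)| = prod_{i=0}^{k-1} (p^k - p^i) for prime p; k = 1 gives p - 1."""
    order = 1
    for i in range(k):
        order *= p ** k - p ** i
    return order


def keygen(p, q, k, e=17):
    """Public key (n, k, e) and private exponent d for k x k matrices mod p*q.

    Constraint: every unit M of the matrix ring satisfies M^L = I where
    L = lcm(|GL_k(Z_p)|, |GL_k(Z_q)|) (Lagrange's theorem mod p and mod q,
    then CRT), so e*d = 1 (mod L) gives M^(e*d) = M.  For k = 1 this is
    exactly RSA with lcm(p-1, q-1).
    """
    n = p * q
    a, b = gl_order(p, k), gl_order(q, k)
    L = a * b // gcd(a, b)
    if gcd(e, L) != 1:
        raise ValueError("e must be coprime to L")
    d = pow(e, -1, L)
    return (n, k, e), d


def encrypt(pub, m):
    """C = M^e mod n; rejects plaintexts that are not units (det not invertible)."""
    n, k, e = pub
    if len(m) != k or any(len(row) != k for row in m):
        raise ValueError("plaintext must be a k x k matrix")
    if gcd(det_mod(m, n), n) != 1:
        raise ValueError("plaintext matrix must be invertible mod n")
    return mat_pow(m, e, n)


def decrypt(pub, d, c):
    """M = C^d mod n."""
    n, _, _ = pub
    return mat_pow(c, d, n)


def demo():
    """Round-trip a 2 x 2 block (e.g. four pixel values) through the scheme."""
    pub, d = keygen(11, 13, 2)          # toy primes, n = 143
    block = [[3, 5], [2, 9]]            # det = 17, a unit mod 143
    c = encrypt(pub, block)
    return decrypt(pub, d, c) == block  # True
```

One caveat worth checking for yourself: because the determinant is multiplicative, det(C) = det(M)^e mod n, so the determinant of every ciphertext is a plain textbook-RSA ciphertext of det(M). The matrix variant therefore inherits RSA's dependence on the hardness of factoring n and, without padding or randomisation, textbook RSA's lack of semantic security.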
Late 1980s and early 1990s - Formal models for evaluation of secure systems: In the mid to late 1980s, Vijay worked on the design of formal models (i) for networked secure systems and (ii) for network security protocols.
He proposed information flow security models based on Petri nets and then showed that such information flow security nets can be composed and refined. In principle, this approach could form the basis for the design of large-scale secure systems: one could build small verifiable components, then compose them into systems, so that certain properties hold by design. He was the first to demonstrate that if (a) the security of a system is specified as an information flow security property and (b) systems are modelled using Petri nets (which can be designed in practice), then secure composition and refinement can be achieved for the specified property. Vijay's demonstration used just one property and identified a class of systems large enough to be seen as useful. This was a key achievement at the time and attracted major attention in the security community, which was then very much focussed on the evaluation of secure systems, notably through criteria such as the DoD Orange Book. Nevertheless, Vijay recognised that achieving secure composition and refinement of large systems, while possible in principle, would not be easy in practice because of complexity and the level of abstraction used to describe security parameters. Even now, over 20 years later, this cannot be achieved in general.
A further contribution at the front line of that time, well ahead of research in the security community, was the use of model checking to verify security properties of protocols and systems. His early work in 1988/89 used linear-time and branching-time temporal logic model checking to verify security properties of key distribution and authentication protocols. This approach re-emerged around 2006, and some of the early resurgent work, for example at the US Naval Research Lab (Cathy Meadows), Stanford (John Mitchell) and ETHZ (David Basin), can be traced back to the late
Late 1980s and early 1990s: Network Security: Secure LAN-MAN System and IEEE 802.10 Security Architecture. Vijay led a team at Hewlett-Packard Labs working on network security, including the security of LANs, MANs, SMDS, Frame Relay and broadband networks. This team was the first to develop a complete secure network system design for LAN-MAN based network architectures, and it implemented an entire demonstration system on a LAN-MAN network between Bristol, UK and Palo Alto, USA. This work led to numerous significant contributions to security in the IEEE 802 standards. The group was also later the first to show the IEEE 802.10 Security Architecture in practical operation.
Late 1980s and Early to mid 1990s - Proxy and Propagation of Privileges and Open Software Foundation (OSF) Distributed Computing Environment (DCE): Over the same period, Vijay also worked on distributed systems security, starting from secure RPC (Remote Procedure Call) and building up to secure DCE. DCE is a model and toolset for developing client/server applications, produced by the OSF, a mainstream computer industry consortium, in the early 1990s. Vijay led HP Labs' initiative on distributed systems security, and his work contributed to the security architecture of, and the protocols in, DCE. In particular, his work on secure proxy and delegation protocols was adopted by Hewlett-Packard as well as by the OSF for its DCE offerings.
Early to Mid 1990s - Language-based security policy specification, Distributed Authorization and Praesidium: In early 1990, Vijay and one of his team members, Philip Allen, pioneered a language-based approach to the specification of security policies at HP. This approach was widely adopted from the late 1990s and today remains the major approach to developing security policies. Vijay and his team extended this work to develop the theory and design of a distributed authorization model and system, which were then integrated with DCE. The complete Hewlett-Packard implementation of the authorization system, the Praesidium Authorization Server, was deployed at large scale and was a very successful commercial product from the mid-1990s to the early 2000s, generating over a billion dollars each year for five years.
In addition to leading the technical work, Vijay championed the adoption of the work both inside and outside HP. In doing so he played a significant role in the creation of a cross-division Early Adopter Program, and then worked with that program as it evolved into a full-scale division of Hewlett-Packard, the Cooperative Computing Systems Division (CCSY), which employed a permanent team of more than 100 people. Praesidium also received the Most Innovative Security Product Award from SC Security Magazine in London in 2000.
Late 1990s to Mid 2000s - The Web Services Authorisation Architecture and policy extensions to XACML: Vijay's work on distributed authorization models and systems continued with authorization in distributed object systems and web services. A major piece of this work was the design of a distributed authorization architecture for web-service-based service-oriented architectures (2002-2008). A significant outcome was a web services authorization architecture (WSAA) layer sitting on top of the web security layer in the service-oriented architecture; the WSAA layer provides the flexibility to support multiple types of authorization policies and mechanisms. Vijay and his team integrated the WSAA layer with Microsoft's .NET environment and demonstrated a comprehensive solution for securing electronic patient records in a distributed system. This work produced further outcomes, including policy extensions to the XML Access Control Language (XACL) that have since been incorporated into XACML. XACML (eXtensible Access Control Markup Language), standardised by the global consortium OASIS (Organization for the Advancement of Structured Information Standards), defines a declarative access control policy language. Vijay was awarded a Microsoft Trustworthy Computing Award for this work.
Early to Mid 2000s - Distributed Denial of Service (DDoS) countermeasures: In the early 2000s, Vijay focussed on security attacks on networks and in particular distributed denial of service (DDoS) attacks. He and his team first developed techniques for counteracting DDoS attacks on the Internet. These techniques were implemented in 2003-2004 and were shown to be more efficient than the other techniques known at the time. The work received publicity in the popular press and was subsequently supported for further development over several years by the Australian Defence Department and then by the National Science and Security Technology (NSST) program of the Australian Government Department of the Prime Minister and Cabinet. The techniques were further extended to wireless LANs, 3G networks and beyond-3G mobile networks. An important outcome was a security architecture for detecting DDoS-type attacks across heterogeneous networks involving wired, wireless and mobile networks. This work is continuing at present, now taking wireless sensor networks into account.
Early to Mid 2000s - Mobile Agents Security: Vijay's work on a security-enhanced mobile agent model and a comprehensive security architecture for mobile agents addressed significant challenges in securing agent-based Internet applications, in which programs and data move between different systems and devices over different network infrastructures. This work was conceived while Vijay was at Microsoft Research in Cambridge, working with the well-known Prof Roger Needham of Cambridge University. Once again this work was not only published in top-rated venues (e.g. ACM CCS) but also led to two practical secure Internet-based prototype applications, Internet Flight Finder and Electronic Auction.
Mid to Late 2000s - New trust model and architecture for mobile ad hoc networks (MANETs): Over the period 2003-2009 Vijay addressed security challenges in MANET protocols and provided a basis for delivering a trustworthy and secure operational layer for MANETs. This work took a comprehensive approach to MANET security along three dimensions: detection/reaction, enforcement and prevention. The research was supported by the Australian Department of Defence over several years. Its outcomes were a new trust-enhanced security model and architecture for MANETs. The trust model takes into account the dynamic nature of mobile nodes and is used to decide when and how to perform dynamic key management, recognising that there may be no long-lived centralised trust authority. The comprehensive security architecture integrates trust, fellowship and secure routing to provide both prevention and detection/reaction. A fully operational system based on the work was implemented. Deployment of MANETs is likely to play an increasing and vital role in the networks of the future.
Late 1990s to date - The notion of Hybrid Trust and Trust Enhanced Security in Trusted Computing: One of the major threads of Vijay's research since the 1980s has been design issues around trust and trusted authorities in trusted computing. Recognition of his work on authorities (certificate and credential management, decision and evaluation) led to his appointment from 1998-2000 as a member of the Advisory Board of the Trusted Computing Platform Alliance (TCPA), which formulated the Trusted Platform Module (TPM) specifications. TPMs have since become more or less pervasive, being supported by over 300 companies and widely used in computers (e.g. PCs) and other devices. In this trusted computing space, Vijay's focus since 2005 has been how to enhance secure decision making using notions of trust. He coined the phrase "trust enhanced security" for the use of hybrid trust evaluation to improve the quality of security decisions, such as an authorization decision, a routing decision, an electronic commerce transaction or, more generally, any interaction decision. Hybrid trust combines hard trust characteristics (such as certificates and credentials) with soft trust characteristics (such as reputation and social trust parameters). Vijay has elaborated several instances of hybrid trust models and applied them in various information systems contexts, including mobile agent application software, mobile ad hoc routing protocols and the base computing platform environment. He continues to advance research in this area of trust enhanced security.
Late 2000s to date - Dynamic Policy based Secure Virtualization: A major strand of work by Vijay and his team in recent years has been secure virtualization systems. One important security challenge is how to achieve secure and dynamic sharing of virtual resources among co-operating virtual machines on different distributed physical platforms. His work developed a dynamic security-policy-based model and architecture that enforces access and information flow between multiple applications in virtual machines, taking into account malware attacks within virtual machines and changes in the trust of users and platforms. A unique feature of this system is that it brings security, trust and virtualization together in an integrated model able to respond to dynamically changing attacks and trust by adapting security policies to increase resilience. The key is the feedback element: observed attacks and trust changes dynamically alter the security policies, thereby providing resilience; this is critical in future large-scale cloud-based systems. This research has been supported by the Department of the Prime Minister and Cabinet and the Department of Defence.
Late 2000s to date: Malware and Software Security: In recent years Vijay and his team have been working on understanding advanced persistent threats (APTs) in detail, including how they are implemented, their spread methods and their evasion techniques. This work has led to novel evasion techniques of their own against anti-virus and other security mechanisms, as well as the application of these techniques to smart grid environments.
A novel attack vector that targets anti-virus software during updates was developed, showing how the whole system, and the anti-virus itself, can be compromised during an update. This design vulnerability was demonstrated against several major anti-virus products, including those from Avira, AVG, McAfee, Microsoft and Symantec.
This work then led to a new Anti-Virus Parasitic Malware (AV-Parmware), which attacked protected components of anti-virus software by exploiting their security weaknesses and compromised target systems by living as a parasite on the anti-virus. Such parasitic anti-virus malware can cause significant damage; countermeasures against it were then created for existing major anti-virus products.
Then a new technique called feature-distributed malware was developed, which dynamically distributes malware features across multiple software components in order to bypass security mechanisms such as application whitelisting and anti-virus behavioural detection. This technique epitomises a new trend in malware design. Effective defence mechanisms to prevent such malicious components were then proposed.
Another major trend in current malware is the use of legitimately signed binaries so that they run even when code signing enforcement is active. Typically the attacker steals code signing private keys from small software vendors, or registers a paper company and has a code signing certificate issued by a Certificate Authority. Vijay and his team have developed a new cross-verification security mechanism that incorporates a same-origin policy into the existing code signing mechanism, so that only software components from trusted vendors (i.e. signers) can be executed or loaded on the system. This change to the software development process alone can help prevent several major attacks occurring at present.
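To make the difference concrete, here is an added Python example (not the page's or the team's own code) of the kind of cross-verification just described: a module is loaded only if its signature verifies and its signer is the host application's own vendor or on that vendor's explicit allow-list. Signature checking is a toy RSA stand-in using well-known small primes; the vendor names, module names and the CA table are constructed for the example and stand in for real X.509 certificate chains.

```python
import hashlib
from dataclasses import dataclass

# Added example. Toy RSA over fixed, well-known primes stands in for real code
# signing (RSA-PSS/ECDSA under an X.509 chain). Illustration only, NOT secure.
E = 65537


def keypair(p, q):
    """Return (public key, private key) as ((e, n), (n, d))."""
    n = p * q
    return (E, n), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest(data, n):
    """SHA-256 of the code, reduced into Z_n (toy stand-in for padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)


def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == digest(data, n)


# Constructed signers. Both hold CA-issued signing certificates: the attacker's
# "paper company" key is exactly as valid to a CA as the real vendor's.
ACME_PUB, ACME_PRIV = keypair(1000000007, 998244353)
PAPER_PUB, PAPER_PRIV = keypair(2147483647, 1000000009)
CA_CERTS = {"Acme Software Ltd": ACME_PUB, "Paper Co Pty Ltd": PAPER_PUB}


@dataclass(frozen=True)
class SignedModule:
    name: str
    code: bytes
    signer: str      # subject name from the signing certificate
    signature: int


def make_module(name, code, signer, priv):
    return SignedModule(name, code, signer, sign(priv, code))


def signature_valid(module):
    """Ordinary code signing: any CA-issued signer with a good signature passes."""
    pub = CA_CERTS.get(module.signer)
    return pub is not None and verify(pub, module.code, module.signature)


def load_allowed(module, host_signer, trusted_signers=frozenset()):
    """Cross verification: the signature must be valid AND the signer must be the
    host application's own vendor (same origin) or on that vendor's allow-list."""
    if not signature_valid(module):
        return False
    return module.signer == host_signer or module.signer in trusted_signers


def demo():
    """Three constructed modules loaded by an application signed by Acme."""
    host = "Acme Software Ltd"
    legit = make_module("spellcheck.dll", b"legit plugin bytes", host, ACME_PRIV)
    rogue = make_module("helper.dll", b"rogue plugin bytes",
                        "Paper Co Pty Ltd", PAPER_PRIV)
    tampered = SignedModule(legit.name, b"patched bytes",
                            legit.signer, legit.signature)
    return {
        # (plain code signing, cross verification)
        "legit": (signature_valid(legit), load_allowed(legit, host)),          # (True, True)
        "rogue": (signature_valid(rogue), load_allowed(rogue, host)),          # (True, False)
        "tampered": (signature_valid(tampered), load_allowed(tampered, host)),  # (False, False)
    }
```

The point the demo isolates is that the rogue module is not a signature failure: plain code signing accepts it because the paper company's certificate is genuine. Only the origin check, which asks whose code the host is willing to load rather than merely whether some CA vouched for the signer, rejects it.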
Late 2000s to date: Secure Cloud Data Storage: When a user stores data in the cloud, the user has to rely on third parties to make decisions about the data and the platform. It is critical to have security mechanisms that prevent cloud providers from accessing users' data in ways that have not been agreed upon. It is also important that the user can specify a range of useful access policies controlling who can access the data stored in the cloud. Vijay and his team have developed a novel policy-based access control scheme for cloud data storage which enables the data owner to encrypt the data and store it in the cloud in such a way that only users who satisfy the access policies specified by the owner can decrypt it. The cloud provider cannot decrypt the stored data unless the policy grants it access, so the trust that must be placed in the cloud provider is reduced. Access policies are specified using role-based access control, since this is widely used in practice by enterprises and users; the scheme integrates cryptography with role-based access control to achieve efficient and secure data storage in the cloud. A prototype was developed on Amazon Web Services (AWS) to demonstrate the system's practicality, performance and effectiveness. This work also received the prestigious Wilkes Award 2011 (named after Sir Maurice Wilkes, Cambridge University).
Late 2000s to date: Security as a Service for Cloud: The focus of this work is on the security services that a cloud provider can offer as part of its infrastructure to its customers (tenants). It is the design of a security architecture able to provide a "Security-as-a-Service" model for the cloud, which the provider can offer to its tenants as well as to the tenants' own customers. It is based on recognising that different tenants have different security requirements: for instance, a tenant running financial services may require more security measures than a tenant providing basic web hosting. The proposed architecture specifies a default baseline set of security services for all customers (needed to maintain the security of the ecosystem) and offers additional security services on top of the baseline for customers requiring greater security. The proposed security architecture and services are currently undergoing evaluation. We believe such a Security-as-a-Service model is likely to be the trend in the future as cloud providers begin to adopt security and privacy as differentiators of their offerings from those of their competitors.
Main Current Focus: the design of new services and applications that combine Cloud Computing, Big Data and Internet of Things technologies, the various security, privacy and trust challenges they give rise to, and the potential for the design of new techniques and technologies.