Computer worms seem to pose a great threat to the overall security of the Internet. For example, Code Red II-a worm that was detected on July 19, 2001-infected more than 20,000 hosts in less than 24 hours. The creator of a worm can use the infected hosts to cause immense damage. He/She can launch a massive DDoS (Distributed Denial of Service) attack to prevent access to government or corporate websites. Even worse, when a worm remains undetected, the creator can silently access sensitive data in the infected hosts.

In the first part of the talk I will analyze the threat of current, and future, Internet worms. I will start by presenting the spreading mechanism of current worms. Understanding these mechanisms will help us discuss 3 analytical models that we can use to describe the behavior of a worm and quantify the threat. Although the models are based on different assumptions (such as different Internet topologies), all models suggest that Internet worms are much more malignant than any known human virus. Then, on the basis of the proposed models we will see that future worms-worms that use more sophisticated spreading mechanisms-may, almost instantly, infect 300,000 hosts, practically giving the worm's creator control over the whole Internet.

Is the Internet inevitably vulnerable to future worms? We will discuss this question in the second part of the talk. We will consider a cyber equivalent to the Centers for Disease Control (CDC) aimed to protect the Internet from worms. We will outline the design requirements for this center, as well as open research questions about how to implement such a center.

This talk is based on three recently published papers:

1. Stuart Staniford, Vern Paxson, and Nicholas Weaver. "How to 0wn the Internet in Your Spare Time". In the Proceedings of the 11th USENIX Security Symposium, 2002.
2. Romualdo Pastor-Satorras and Alessandro Vespignani. "Epidemic Spreading in Scale-Free Networks". Physical Review Letters Vol 86(14), 2001.
3. Changchun Zou, Weibo Gong, and Don Towsley. "Code Red Worm Propagation Modeling and Analysis". 9th ACM Conference on Computer and Communications Security, 2002.

The two most popular methods of doing public-key signatures and encryption are elliptic curves (ECC) and integer factorization (RSA). This talk will cover the basics of public-key signatures and a comparison of ECC and RSA. No prior knowledge of security or of deep mathematics is required. The strengths and weaknesses of RSA and ECC will be discussed in some depth, with relative times of various operations considered. Applications, both currently deployed and in the plans for future development, will be given.

About the speaker:
Dr. Doug Kuhlman received his bachelor's degree in mathematics, computer science, and religion from Wartburg College in 1995. He received a Ph.D. in mathematics with emphases on algebraic number theory and arithmetic geometry from the University of Illinois at Urbana-Champaign in 2000. He is currently employed by Motorola, Inc, where he does broad-ranging security research, with a special affinity for public-key cryptology. His current addiction is Civ 3:PTW and he harbors an unnatural love of Tolkien's works.

Microsoft's new ".NET" programming model has a security infrastructure based on trusting code. Traditional security models assume that all software run by a user is trustworthy, and only limit what operations the user is allowed; adding code security acknowledges that some of the code we run - such as downloaded from the Internet - is less trustworthy than shrinkwrapped application code. This talk will describe the basic technologies for code security, and look at its application, discussing what real-world problems this does and does not solve.

About the speaker:
Loren has several distinguished accomplishments in his career. As part of his B.S. thesis while working for Ron Rivest at MIT, Loren invented the digital certificate. From 1997-1999 at Microsoft, he managed the security aspects of Internet Explorer versions 4.0 and 5.0. This work included design of the "security zones" feature, security bug response and security penetration testing. From 2000-2002, Loren was Program Manager for the .NET Common Language Runtime (CLR) security, on both the design and attack sides. He currently runs a security and systems consulting company (http://www.handonsoftware.com).