7 years in PowerPoint format

Wu-chang Fengwuchang@cs.pdx.edu

Fond memories of RTCL

● The closed door of 2222 EECS

Stay in school, fool!

When can I graduate?– Never asked this question, but one that was much worse

Can I stay longer?–A career year thanks to Prof. Shin and Dilip

After graduation

● San Francisco (1999-2001)● Proxinet => Puma Technology => Pumatech => Intellisync

joined left

Finding my Feng Shui to Oregon

● 2001-present

Academic hijinx!

● Mergers and acquisitions only happen in industry, right?– OGI => OHSU => Portland State University

“Donning sporty eye-patches and brandishing cutlasses (figuratively), computer profs at Portland State University staged a raid on Oregon Graduate Institute. The downtown university snatched 10 tech professors from the Oregon Health & Science University subdivision, instantly upping its digital cred.”

Willamette Week, Sept. 22, 2004http://www.wweek.com/story.php?story=5527

Current coordinates in Portland

Oregon

And now for something completely different….

Research!

The Forensix Computer TiVo

● Motivation– Analyzing and recovering from hacking incidents is a costly,

time-consuming, human-intensive task● Goal of Forensix

– Build a computer system “TiVo”● Automatic analysis and replay of all activity on a computer

– Build a computer analogy to “Back to the Future”● Selectively “undo” all activity that a hacker has performed

The Forensix Computer TiVo

● What about the costs?– Forensic investigator time is expensive– Computing and storage resources are cheap and plentiful

● $80 ~ 1 year replay log (small web server)● 10-20% performance degradation

– Cost proposition becomes more favorable every day● Status

– Fully functional prototype● Replay Shell (demo), Process Tree, Selective undo

http://forensix.sourceforge.net/

The Forensix Computer TiVo

● Current work– Generalizing the approach

● From flat event logs to useful state reconstruction● Audits contain changes of state● Queries look at system state at a given time or over a given time

interval

– Useful for other applications (distributed network diagnosis)● Failed network connection● Reconstructing network state from distributed event logs to debug

cause

Network-layer proof-of-work

● Motivation– Undesirable communication is currently uncontrollable

● Spam, viruses, worms, denial-of-service attacks

– Client puzzles● A proposal for controlling harmful network communication● Force a client to solve a hard puzzle before giving service

● IP puzzles– Add client puzzles into the Internet's fundamental layer to

thwart all possible network attacks

Network-layer proof-of-work

● Status– Fully functional iptables implementation

● 180,000 puzzles/sec on commodity hardware– 1Gbs+ for per-packet puzzles with MTU packets– Puzzle generation ~1µs– Puzzle verification ~1µs, constant amount of state

● Small packet overhead– Puzzle question ~40 bytes– Puzzle answer ~20 bytes

● http://ippuzzles.sourceforge.net/

Network-layer proof-of-work (Take 2)

● Problems with IP puzzles– Flooding the issuer and verifier system

● Developing new cryptographic primitives

– Flooding links leading to puzzle system● Publicly auditable proof-of-work

– Verifiers at client edge● Single puzzle function per source, but per-request work

– Issuer easily protected from flooding

– Is it provably secure?● Provide puzzle protocols with the same provable treatment as other

security protocols

Characterizing On-line Games

● Successful on-line games require enormous infrastructure and satisfied players

● Goal– Characterize aggregate game workloads to provision resources

● Real-time GameSpy aggregate data for over 100 on-line games since 2002.

– Characterize players to better deliver new content and incentives● Complete event log for Eve On-line MMORPG● Complete event log for a popular Counter-strike server

http://www.thefengs.com/wuchang/work/cstrike

Securing On-line Games

● Cheating exists in every on-line game● Directly impacts game revenue

– Causes paying players to quit– Prevents new players from joining

● Goal– Applying bit-commitment and information hiding to ensure

cheat-proof playout

http://www.thefengs.com/wuchang/work/cstrike

Securing On-line Games● Information exposure cheats

– Warcraft3

Securing On-line Games● Information exposure cheats

– Warcraft3 with Maphack (reveal map and enemy units)

Scaling On-line Games● Persistent MMORPGs are big business

– WoW: 6 million paying $15/month (> $1 billion/year)● Traditional client-server model● Content creation by game publisher● Hosting by game publisher

– Public server● Content creation by users● Hosting by users● No persistence

Scaling On-line Games

● Goal– Develop public server MMORPG

● Technical challenges– Managing persistence– Creating a tamper-resistant virtual economy– Handling unstable infrastructure

http://www.thefengs.com/wuchang/work/cstrike