11
Enhancing Security of Real-World Enhancing Security of Real-World Systems with a Better Understanding Systems with a Better Understanding of Threatsof Threats
Shuo ChenShuo ChenPh.D. Candidate in Computer SciencePh.D. Candidate in Computer ScienceCenter for Reliable and High Performance Center for Reliable and High Performance ComputingComputingUniversity of Illinois at Urbana-ChampaignUniversity of Illinois at Urbana-Champaign
22
Security Threat Analysis and Mitigations in Real-Security Threat Analysis and Mitigations in Real-World SystemsWorld Systems– How errors in hardware and software impose security How errors in hardware and software impose security
threats to real-world systems? (common threats to real-world systems? (common characteristics?)characteristics?)
– How effective are current defense techniques? How effective are current defense techniques? (substantial deficiencies?)(substantial deficiencies?)
– How to build better defenses?How to build better defenses? Analysis-centric research approachAnalysis-centric research approach
– Study hardware memory errors Study hardware memory errors impact on system impact on system securitysecurity
– Software vulnerabilities reported in Bugtraq and CERT Software vulnerabilities reported in Bugtraq and CERT databases, source code of vulnerable applicationsdatabases, source code of vulnerable applications
– Current attack methods and defense techniquesCurrent attack methods and defense techniques– Analysis results motivate the development of new Analysis results motivate the development of new
defense techniques.defense techniques. Many areas related to my dissertationMany areas related to my dissertation
My DissertationMy Dissertation
33
I as a System Hacker/BuilderI as a System Hacker/Builder
Summer’01, Avaya Labs, Basking Ridge, NJSummer’01, Avaya Labs, Basking Ridge, NJ– PortPort Libsafe Libsafe to Windows NT/2000. to Windows NT/2000.
Summer’02, Bell Labs, Holmdel, NJSummer’02, Bell Labs, Holmdel, NJ– Detection of network denial of service attacksDetection of network denial of service attacks– Hack FreeBSD TCP/IP, network card drivers Hack FreeBSD TCP/IP, network card drivers
Summer’03, Microsoft Research, Redmond, WASummer’03, Microsoft Research, Redmond, WA– Audit-enhanced authentication in KerberosAudit-enhanced authentication in Kerberos– NTOS security subsystem, Kerberos, LSA, NTDLLNTOS security subsystem, Kerberos, LSA, NTDLL
Summer’04, Microsoft Research, Redmond, WASummer’04, Microsoft Research, Redmond, WA– A tracing technique to identify the dependencies of A tracing technique to identify the dependencies of
Windows applications on Administrator privilegesWindows applications on Administrator privileges– NTOS security subsystem, access/privilege checking, NTOS security subsystem, access/privilege checking,
application interactions with NTOS application interactions with NTOS
44
OutlinesOutlines
Analyzing and Identifying Security Analyzing and Identifying Security Threats on Real-World SystemsThreats on Real-World Systems– Security compromises due to HW/SW Security compromises due to HW/SW
memory corruptionsmemory corruptions– A type of memory corruption attacks A type of memory corruption attacks
currently believed to be rare is a currently believed to be rare is a realisticrealistic threat. threat.
– Deficiencies of current defense techniquesDeficiencies of current defense techniques
New Defense Techniques Towards a New Defense Techniques Towards a Better Security ProtectionBetter Security Protection– A common characteristic of memory A common characteristic of memory
corruption attacks: corruption attacks: pointer taintednesspointer taintedness– A theorem proving based program analysisA theorem proving based program analysis– A runtime detection techniqueA runtime detection technique
Analyses
Solutions
55
Analyzing and Identifying Analyzing and Identifying Security Threats on Real-World Security Threats on Real-World SystemsSystems
66
Threat of Hardware Memory Threat of Hardware Memory ErrorsErrors
Attacker Target hostFirewall (IPChains and Netfilter)
Due to hardware memory errors, packets can penetrate firewalls
Attacker Network server (FTP and SSH)
Due to hardware memory errors, users can log in with arbitrary passwords
Emulate random hardware memory errorsEmulate random hardware memory errors A stochastic model to estimate such threats in real environmentsA stochastic model to estimate such threats in real environments Motivate other researchers to conduct physical fault injectionsMotivate other researchers to conduct physical fault injections
– Java type system subverted due to random hardware memory errors.Java type system subverted due to random hardware memory errors.
77
Threat of Software VulnerabilitiesThreat of Software Vulnerabilities
CERT Advisories: CERT Advisories: 66% vulnerabilities are low 66% vulnerabilities are low level memory errors in software.level memory errors in software.
Widely exploited by attackers, worms and viruses.Widely exploited by attackers, worms and viruses.
Format String 7%
Globbing2%
Heap Corruption
8%
Integer Overflow
6%
Buffer Overflow
44%
Other33%
88
Execute malicious code
Overwrite a return address
Embed malicious contents in input
State Machine Model: WU-FTP Server AttackState Machine Model: WU-FTP Server Attack
get an FTP command
Authentication;x = user ID
repeat
FTP_service()
seteuid(x)
SITE_EXEC(fn)
printf(fn,…)
seteuid(0) exec(“/bin/sh”)
99
Overwrite function pointer foo
Corrupt heap structure
Execute malicious code
State Machine Model: NULL-HTTP Server State Machine Model: NULL-HTTP Server AttackAttack
process HTTP headerp=malloc(…)
repeat
HTTP_service()
HTTP_POST()
recv(p,…)
seteuid(0) exec(“/bin/sh”)
free(p)
*foo()
1010
Control Data Attack: Well-Known, Control Data Attack: Well-Known, DominantDominant
Control data:Control data:– data used as targets of call, return and jump.data used as targets of call, return and jump.– widely understood as security critical widely understood as security critical
elementselements
Control data attack: the most dominant Control data attack: the most dominant form of memory corruption attacks form of memory corruption attacks [CERT and Microsoft Security Bulletin][CERT and Microsoft Security Bulletin]
Many current defense techniques: to Many current defense techniques: to enforce program control flow integrity to enforce program control flow integrity to provide security. provide security.
1111
Non-control-data attacksNon-control-data attacks
Currently very rare in reality.Currently very rare in reality.
One instance suggested by Young One instance suggested by Young and McHugh in 1987.and McHugh in 1987.
How applicable are such attacks How applicable are such attacks against many real-world against many real-world software? software? – Not studied yet, but important.Not studied yet, but important.
1212
An Important QuestionAn Important Question
Are attackers in general incapable to mount Are attackers in general incapable to mount non-control-data attacks against many real non-control-data attacks against many real systems?systems?
– PROBABLY NOT!PROBABLY NOT!
– Random hardware memory errors can subvert the Random hardware memory errors can subvert the security of real-world systems with a non-negligible security of real-world systems with a non-negligible probability.probability.
– Software vulnerabilities are more deterministic and Software vulnerabilities are more deterministic and more amenable to attacks.more amenable to attacks.
– Each attack exploiting software vulnerabilities is Each attack exploiting software vulnerabilities is composed by multiple primitive components. Allow composed by multiple primitive components. Allow potentially polymorphic attacks. Dangerous.potentially polymorphic attacks. Dangerous.
1313
Our Claim: General Applicability Our Claim: General Applicability of Non-control-data Attacksof Non-control-data Attacks
We claim:We claim:– Many real-world software applications are Many real-world software applications are
susceptible to non-control-data attacks. susceptible to non-control-data attacks. – The severity of the attack consequences is The severity of the attack consequences is
equivalent to that due to control data attacks. equivalent to that due to control data attacks.
Validate the claim by constructing non-Validate the claim by constructing non-control-data attacks to get the root control-data attacks to get the root privilege on major network serversprivilege on major network servers– FTP, HTTP, SSH and Telnet servers FTP, HTTP, SSH and Telnet servers – Over 1/3 of vulnerabilities in CERT advisoriesOver 1/3 of vulnerabilities in CERT advisories
Non-control-data attacks are realistic Non-control-data attacks are realistic threats.threats.
1414
Non-control-data attack against Non-control-data attack against WU-WU-FTPFTP Server (via a format string bug) Server (via a format string bug)
int x;FTP_service(...) { authenticate(); x = user ID of the authenticated user; seteuid(x); while (1) { get_FTP_command(...); //vulnerable if (a data command?) getdatasock(...); }}getdatasock( ... ) { seteuid(0); setsockopt( ... ); seteuid(x);}
x=109, run as EUID 0
x uninitialized, run as EUID 0
x=109, run as EUID 109. Lose the root privilege!
Get a special SITE EXEC command. Exploit a format string vulnerability.x= 0, still run as EUID 109.
x=0, run as EUID 0
x=0, run as EUID 0
When return to service loop, still runs as EUID 0 (root). Allow me to upload /etc/passwdI can grant myself the root privilege!
Only corrupt an integer, not a control data attack.
Get a data command (e.g., PUT)
1515
Non-control-hijacking attack against Non-control-hijacking attack against NULL-HTTPNULL-HTTP Server (via a heap overflow Server (via a heap overflow bug)bug)
Attack the configuration string of CGI-BIN Attack the configuration string of CGI-BIN path.path.
Mechanism of CGIMechanism of CGI– suppose server name = www.foo.comsuppose server name = www.foo.com
CGI-BIN = /usr/local/httpd/exe CGI-BIN = /usr/local/httpd/exe – Requested URL = http://www.foo.com/cgi-bin/barRequested URL = http://www.foo.com/cgi-bin/bar– The server executesThe server executes
Our attackOur attack– Exploit the vulnerability to overwrite CGI-BIN to /binExploit the vulnerability to overwrite CGI-BIN to /bin– Request URL http://www.foo.com/cgi-bin/shRequest URL http://www.foo.com/cgi-bin/sh– The server executes The server executes
The server gives me a root shell!Only overwrite four characters in the CGI-BIN string.Not a control data attack.
//usr/local/httpd/exeusr/local/httpd/exe//barbar
/bin/bin/sh/sh
1616
Non-control-data attack againstNon-control-data attack against SSH SSH CommunicationsCommunications SSH Server (via an integer SSH Server (via an integer overflow bug)overflow bug)
void do_authentication(char *user, ...) { int auth = 0; ... while (!auth) { /* Get a packet from the client */ type = packet_read(); switch (type) { ... case SSH_CMSG_AUTH_PASSWORD: if (auth_password(user, password)) auth =1; case ... } if (auth) break; } /* Perform session preparation. */ do_authenticated(…);}
auth = 0
auth = 0
auth = 1
Password incorrect, but auth = 1
auth = 1
Logged in without correct password
1717
More non-control-hijacking More non-control-hijacking attacksattacks
Against Against NetKitNetKit Telnet server (default Telnet Telnet server (default Telnet server of server of Redhat LinuxRedhat Linux))– Exploit a heap overflow bugExploit a heap overflow bug– Overwrite two strings:Overwrite two strings:
/bin//bin/loginlogin –h –h foo.comfoo.com -p (normal scenario) -p (normal scenario) /bin//bin/shsh –h –h –p–p -p (attack scenario) -p (attack scenario)
– The server runs /bin/sh when it tries to The server runs /bin/sh when it tries to authenticate the user.authenticate the user.
Against Against GazTekGazTek HTTP server HTTP server– Exploit a stack buffer overflow bugExploit a stack buffer overflow bug
Send a legitimate URL http://www.foo.com/cgi-bin/barSend a legitimate URL http://www.foo.com/cgi-bin/bar The server checks that “/..” is not embedded in the URLThe server checks that “/..” is not embedded in the URL Exploit the bug to change the URL to Exploit the bug to change the URL to
http://www.foo.com/cgi-bin/http://www.foo.com/cgi-bin/../../../../bin/sh../../../../bin/sh The server executes /bin/shThe server executes /bin/sh
1818
Implications of Non-Control-Data Implications of Non-Control-Data AttacksAttacks
Control flow integrity is not a Control flow integrity is not a sufficiently accurate approximation sufficiently accurate approximation to software security.to software security.
Many types of non-control data Many types of non-control data critical to securitycritical to security
Once attackers have the incentive, Once attackers have the incentive, they are likely to succeed in non-they are likely to succeed in non-control-data attacks. control-data attacks.
1919
Re-Examining Current Defense Re-Examining Current Defense TechniquesTechniques
Many of them are based on control Many of them are based on control flow integrityflow integrity– Monitor system call sequences Monitor system call sequences – Protect control dataProtect control data– Non-executable stack and heapNon-executable stack and heap
Pointer encryption Pointer encryption PointGuardPointGuard Address space randomizationAddress space randomization StackGuardStackGuard, , LibsafeLibsafe and and FormatGuardFormatGuard Building a generic and secure defense Building a generic and secure defense
technique: still an open problem. technique: still an open problem.
2020
Pointer TaintednessPointer Taintedness Detection: Detection: Towards a Better Security Towards a Better Security Protection for Real-World Protection for Real-World SystemsSystems
2121
Pointer TaintednessPointer Taintedness
Pointer Taintedness: a pointer : a pointer value, including a return address, is value, including a return address, is derived from user input. derived from user input.
Most memory corruption attacks are Most memory corruption attacks are due to pointer taintedness. due to pointer taintedness.
Pointer taintedness: a unifying Pointer taintedness: a unifying perspective for reasoning about perspective for reasoning about many security attacks.many security attacks.
2222
Most Memory Corruption Attacks are Most Memory Corruption Attacks are Due to Pointer TaintednessDue to Pointer Taintedness
Format string attack Format string attack – Taint an argument pointer of functions such Taint an argument pointer of functions such
as as printf, sprintf printf, sprintf andand syslog. syslog. Stack buffer overflow (stack smashing)Stack buffer overflow (stack smashing)
– Taint a frame pointer or a return address.Taint a frame pointer or a return address. Heap corruption Heap corruption
– Taint the free-chunk doubly-linked list Taint the free-chunk doubly-linked list maintaining the heap structure.maintaining the heap structure.
globbingglobbing attack attack – User input resides in a location that is used User input resides in a location that is used
as a pointer by the parent function of as a pointer by the parent function of glob().glob().
2323
Internals of Stack Buffer Overflow Internals of Stack Buffer Overflow Attacks Attacks
Vulnerable code: char buf[100]; strcpy(buf,user_input);
Return addrReturn addr
Frame pointerFrame pointer
buf[99]buf[99]
……
buf[1]buf[1]
buf[0]buf[0]
High
Low
Sta
ck g
row
th
buf
user_input
Frame pointer or return address can be tainted.
2424
ap: argument pointer
fmt: format string pointer
Internals of Format String Internals of Format String AttacksAttacks
In vfprintf(), if (fmt points to “%n”) then **ap = (character count)
Vulnerable code: recv(buf); printf(buf); /* should be printf(“%s”,buf) */
\xdd \xcc \xbb \xaa %d %d %d %n
……
%n%n
%d%d
%d%d
%d%d
0xaabbccdd0xaabbccdd
fmt: format string pointer
ap: argument pointer
High
Low
Sta
ck g
row
th
*ap is a tainted value.
2525
Internals of Heap Corruption Internals of Heap Corruption AttacksAttacks
Free chunk A
Free chunk Bfd=Abk=C
Allocated buffer buf
Free chunk C
user
inpu
t
Vulnerable code:buf = malloc(1000);recv(sock,buf,1024);free(buf);
In free():B->fd->bk=B->bk; B->bk->fd=B->fd;
When B->fd and B->bk are tainted, the effect of free() is to write a user specified value to a user specified address.
2626
Building Defense Techniques Building Defense Techniques based on Pointer Taintednessbased on Pointer Taintedness
Static code analysis: analyze the Static code analysis: analyze the source code to extract the source code to extract the conditions under which the conditions under which the possibility of pointer taintedness possibility of pointer taintedness exists.exists.– To uncover potential vulnerabilitiesTo uncover potential vulnerabilities
Runtime detection: monitor at Runtime detection: monitor at runtime whether a tainted value is runtime whether a tainted value is dereferenced as a pointer.dereferenced as a pointer.– To defeat memory corruption attacksTo defeat memory corruption attacks
2727
Static Analysis about Pointer Static Analysis about Pointer Taintedness: Taintedness: To Extract Security Specifications of Library To Extract Security Specifications of Library FunctionsFunctions
IFIP International Information Security Conference 2004
2828
Library function specifications Library function specifications are crucial to secure are crucial to secure programmingprogramming
Library function specifications are specified Library function specifications are specified empirically empirically – printf(fmt,…), strcpy(d,s), free(p), glob(p), printf(fmt,…), strcpy(d,s), free(p), glob(p),
strtok(s,del), savestr(p),strtok(s,del), savestr(p), …. ….
A unified reason why these specifications A unified reason why these specifications are requiredare required– Required to eliminate pointer taintedness.Required to eliminate pointer taintedness.
Extraction of security specifications of a Extraction of security specifications of a function is reduced to a theorem proving function is reduced to a theorem proving tasktask
Formal and complete specifications Formal and complete specifications required by compiler techniques to check required by compiler techniques to check application source code for security.application source code for security.
2929
Semantics of Pointer Semantics of Pointer TaintednessTaintedness Formal definition of program semantics is Formal definition of program semantics is
required for theorem proving.required for theorem proving.– Currently defined using an equational logic Currently defined using an equational logic
frameworkframework
Taintedness-aware memory modelTaintedness-aware memory model– The logic framework defines operations to fetch the The logic framework defines operations to fetch the
content and test the taintedness (true/false) of each content and test the taintedness (true/false) of each memory location.memory location.
Incorporate pointer taintedness into program Incorporate pointer taintedness into program semanticssemantics– Define program semantics at the assembly level to Define program semantics at the assembly level to
reason about memory layout.reason about memory layout.– Load/Store/ALU instructions: propagate taintedness Load/Store/ALU instructions: propagate taintedness
from source data to destination data.from source data to destination data.– Input functions (scanf, recv and recvfrom)Input functions (scanf, recv and recvfrom)
Axiom: The memory locations in the receiving buffer are Axiom: The memory locations in the receiving buffer are tainted immediately after these function calls.tainted immediately after these function calls.
3030
Extracting Function Extracting Function Specifications by Theorem Specifications by Theorem ProverProver
C source code of a library function
formal semantic representation
Automatically translated to formal semantic representation
Theorem generation
Theorem proving
A set of sufficient conditions that imply the validity of the theorems. They are the security specifications of the analyzed function.
For each pointer dereference in an assignment, generate a theorem stating that the pointer is not tainted
3131
Example: Example: vfprintf()vfprintf()
int vfprintf (FILE *s, const char *format, va_list ap){ char * p, *q; int done,data,n,state; char buf[10]; p=format; done=0; if (p==NULL) return 0; state=NO_PENDING; while (*p != 0) { if (state==NO_PENDING) {
if (*p=='%') state=PENDING; else outchar(s,*p); }
else { switch (*p) { case '%': outchar(s,'%')
break;case 'd': data=va_arg (ap, int);
if (data<0) { outchar(s,'-'); data=-data; }
n=0; while (data>0 && n<10) {
buf[n]=data%10+'0'; data/=10;
n++; } while (n>0) { n--; outchar(s,buf[n]); } break;case 's': q=va_arg (ap, char *); if (q==NULL) break; while (*q!=0) {
outchar(s,*q)q++; }
break;case 'n': q= va_arg(ap,void*) ;
*(int*) q = done;break;
default: outchar(s,*p)}state=NO_PENDING;
} p++; } return done; }
Theorem1: buf+n should not be a tainted value
Theorem2: q should not be a tainted value
3232
Extracting the Specifications of Extracting the Specifications of vfprintf()vfprintf()
Try to prove the two theoremsTry to prove the two theorems The theorem prover cannot complete the proof The theorem prover cannot complete the proof
initially initially – only valid under certain preconditions.only valid under certain preconditions.
Add these preconditions as axioms to the theorem Add these preconditions as axioms to the theorem prover.prover.
Repeat until both theorems are proved.Repeat until both theorems are proved.
Four preconditions are added: the specifications of Four preconditions are added: the specifications of vfprintf (FILE *s, const char *format, va_list ap)– apap never points to any location within the current function never points to any location within the current function
frame.frame.– *ap*ap never points to the location of variable ap, i.e., never points to the location of variable ap, i.e., *ap *ap
&ap&ap– Suppose the memory segment that Suppose the memory segment that apap sweeps over is sweeps over is
called called ap_activitiy_rangeap_activitiy_range, then , then *ap*ap never points to any never points to any location within location within ap_activitiy_rangeap_activitiy_range..
– No locations within No locations within ap_activitiy_rangeap_activitiy_range are tainted before are tainted before vfprintf()vfprintf() is called. is called.
Suggest the scenario of format string vulnerability
itera
te
3333
Other Studied ExamplesOther Studied Examples Function Function strcpy()strcpy()
– Four security specifications indicating buffer overflow, Four security specifications indicating buffer overflow, buffer overlapping and buffer underflow scenarios buffer overlapping and buffer underflow scenarios causing pointer taintedness.causing pointer taintedness.
Function Function free()free() of a heap management system of a heap management system– Seven security specifications are extracted, including Seven security specifications are extracted, including
several specifications indicating several specifications indicating heap corruption vulnerabilities.vulnerabilities.
Socket read functions of Apache HTTP Server and Socket read functions of Apache HTTP Server and NULL HTTP ServerNULL HTTP Server– Apache function is proven to be free of pointer Apache function is proven to be free of pointer
taintedness.taintedness.– Two (known) vulnerabilities are exposed in the theorem Two (known) vulnerabilities are exposed in the theorem
proving process of NULL HTTP Server function. proving process of NULL HTTP Server function.
3434
Runtime Pointer Taintedness Runtime Pointer Taintedness Detection: Detection: To Defeat Memory Corruption AttacksTo Defeat Memory Corruption Attacks
To appear in IEEE Conference on Dependable Systems and Networks, 2005.
3535
The TechniqueThe Technique
A processor architectural level A processor architectural level mechanism to detect pointer mechanism to detect pointer taintednesstaintedness– On SimpleScalar simulatorOn SimpleScalar simulator
Implemented a taintedness-aware memory Implemented a taintedness-aware memory system system
Extened instructions to track taintednessExtened instructions to track taintedness
– To show the validity of pointer To show the validity of pointer taintedness concept on whole programs taintedness concept on whole programs of real applicationsof real applications Network serversNetwork servers SPEC 2000 integer benchmarksSPEC 2000 integer benchmarks
3636
Evaluations on Real-World Evaluations on Real-World SoftwareSoftware Evaluation Evaluation
– Effectiveness of detectionEffectiveness of detection– No false alarm in any application evaluatedNo false alarm in any application evaluated– Transparent to applicationsTransparent to applications– A small number of potential attack scenarios A small number of potential attack scenarios
undetected. undetected.
Pointer taintedness detection can be Pointer taintedness detection can be applied to the whole program of real applied to the whole program of real software software – offers a substantial improvement on security offers a substantial improvement on security
protection. protection.
3737
ConclusionsConclusions
3838
ConclusionsConclusions
Many real-world software can be compromised Many real-world software can be compromised by corrupting non-control data. by corrupting non-control data. – It is insufficient to rely on control flow integrity for It is insufficient to rely on control flow integrity for
software security.software security.
Pointer taintedness is a unifying perspective to Pointer taintedness is a unifying perspective to reason about most memory corruption reason about most memory corruption vulnerabilities/attacks. vulnerabilities/attacks.
Reasoning about pointer taintedness is a Reasoning about pointer taintedness is a promising direction to enhance security on real-promising direction to enhance security on real-world systemsworld systems
– A theorem proving based code analysis approachA theorem proving based code analysis approach
– A runtime pointer taintedness detection mechanismA runtime pointer taintedness detection mechanism
3939
Future DirectionsFuture Directions
Short term goalsShort term goals– Provide a higher degree of automation for the Provide a higher degree of automation for the
theorem proving technique.theorem proving technique.– Reduce the intrusiveness of the runtime pointer Reduce the intrusiveness of the runtime pointer
taintedness detection techniquetaintedness detection technique Combine with the theorem proving technique. The Combine with the theorem proving technique. The
processor only checks function preconditions.processor only checks function preconditions.
Long term goalsLong term goals– Extract programming styles susceptible to security Extract programming styles susceptible to security
attacks. Can compilers detect bad programming attacks. Can compilers detect bad programming styles?styles?
– Identify a broader range of non-traditional security Identify a broader range of non-traditional security threats. threats.
– Study historical data about how security Study historical data about how security vulnerabilities were discovered, reported and vulnerabilities were discovered, reported and patched.patched.
– Decompose the behaviors of viruses, worms and Decompose the behaviors of viruses, worms and rootkits to a number of basic building blocks.rootkits to a number of basic building blocks.
4040
Summary of My Research Summary of My Research MethodologyMethodology Analysis-centric approachAnalysis-centric approach
– A significant amount of effort in my A significant amount of effort in my dissertation is on analysis. dissertation is on analysis.
– Starting from the reality (usually a mess) to Starting from the reality (usually a mess) to define problems!define problems!
I am a data analysis personI am a data analysis person– Excited to analyze real data and incidentsExcited to analyze real data and incidents– Tedious? Sometimes, but it is a step toward a Tedious? Sometimes, but it is a step toward a
lot of fun.lot of fun.– Rewarding? Definitely. Especially important Rewarding? Definitely. Especially important
for systems research.for systems research.– Goal: strongly motivate research topics that Goal: strongly motivate research topics that
solve problems in the reality. solve problems in the reality.
Top Related