Symantec's WINE System for Repeatable, Data-Intensive Experiments in Cyber Security
The need for such a platform arose from SRL’s program for sharing field data, collected by Symantec on millions of hosts worldwide, with researchers in academia. For example, WINE includes historical information on unknown binaries found on the Internet—providing unique insights into the origins and prevalence of zero-day attacks—as well as telemetry from Symantec’s anti-virus products—indicating the effectiveness of defensive mechanisms (e.g., security patches, anti-virus signatures). In addition to cyber security, the WINE data is relevant to research in machine learning, mobile computing, software reliability, storage systems, and visual analytics. In this talk, I will also discuss the challenges for sharing sensitive data and for establishing a rigorous benchmark for cyber security.
Tudor Dumitraș is a senior research engineer at Symantec Research Labs (SRL), currently building the Worldwide Intelligence Network Environment (WINE). Tudor's prior research focused on improving the dependability of large-scale distributed systems (addressing operator errors during software upgrades), of enterprise systems (addressing the predictability of fault-tolerant middleware), and of embedded systems (addressing soft errors in networks-on-chip). He received the 2011 A. G. Jordan Award from the ECE Department at Carnegie Mellon University, for an outstanding Ph.D. thesis and for service to the community; the 2009 John Vlissides Award from ACM SIGPLAN, for showing significant promise in applied software research; and the Best Paper Award at ASP-DAC'03. Tudor holds a Ph.D. degree from Carnegie Mellon University.