Wednesday, November 19, 12:00pm
Optimizing Sensing: Challenges for Security and Privacy by Andreas Krause
Abstract: Where should we place sensors to quickly detect contamination in drinking water distribution networks? Which data should we acquire about web surfers in order to improve personalized search? These problems share a fundamental challenge: How can we obtain the most useful information about the state of the world, at minimum cost?
Such sensing, or active learning, problems are typically NP-hard, and were commonly addressed using heuristics without theoretical guarantees about the solution quality. In this talk, I will present algorithms which efficiently find provably near-optimal solutions to large, complex sensing problems. Our algorithms exploit submonularity, an intuitive notion of diminishing returns, common to many sensing problems; the more sensors we have already deployed, the less we learn by placing another sensor. In addition to identifying the most informative observations, our algorithms allow to address important security and privacy challenges arising in practical sensing problems. In security-critical applications such as protecting drinking water from contamination, the sensor placements need to be robust against adversaries and sensor failures. In the web search example, acquired data about users should enable effective personalization, while minimizing the incursion in privacy.
I will also present results applying our algorithms to serveral real-world sensing tasks, including environmental monitoring using robotic sensors, trading off utility and privacy in personalized search, and a sensor placement competition.
This talk is mainly based on joint work with Carlos Guestrin and Eric Horvitz.
Biography: Andreas Krause is a Ph.D. Candidate at the Computer Science Department of Carnegie Mellon University. He is a recipient of a Microsoft Research Graduate Fellowship, and his research on sensor placement and information acquision received awards at serveral conferences (KDD '07, IPSN '06, ICML '05 and UAI '05). He obtained his Diploma in Computer Science and Mathematics from the Technische University, where his research received the NRW Undergraduate Science Award. He has accepted a tenure-track position at the California Institute of Technology and will join their Computer Science faculty in January 2009.
Wednesday, November 12, 12:00pm
A Security Architecture for Information Assurance and Availability in MANETs by Angelos Stavrou
Abstract: Currently, End-to-End protection architectures, including pervasive ones such as the Internet Protocol suite, as well as others, typically focus on protecting the network availability ignoring the end-system host or device. Unfortunatey, this leads to attacks against the availability and information assurance of the overall system including host-based denial of service attacks and data ex-filtration. In MANETs, such attacks become even more debilitating because each node has a dual role acting both as a source and as a router.
To address such attacks, we extend the protection beyond the network encompassing the host end-system platform. By isolating each application policies on the end hosts, we extend our ability to scalably and effectively enforce policies beyond network communications to memory, file I/O, and inter-application communications. However, the functions are not merely those of a seperation kernel, as applications must interact with the underlying host OS and other applications, whenever permitted by policy.
A direct implication of our architecture is that the realization of the end-to-end security protection system must include specific security mechanisms on the host that would be able to isolate services and regulate their resources. Our approach exploits the complementary strengths of four well-known components: lightweight virtualization, kernel-level resource management, mandatory access control (MAC) frameworks, and stackable file systems. Finally, we show that our system does not incur significant resource overhead or performance degradation making it appropriate for real-time applications on resource constraint platforms.
This is joint work with Dr. Anup Ghosh.
Biography: Angelos Stavrou is Assistant Professor in the Department of Information and Software Engineering and a member of the Center for Secure Information Systems at George Mason University, Fairfax, Virginia. He received his M.Sc. in Electrical Engineering, M.Phil. and Ph.D (with distinction) in Computer Science all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from University of Athens, and a B.Sc. in Physics with distinction from University of Patras, Greece. His current research interests include security and reliability for distributed systems, security principles for virtualization, and anonymity with a focus on building and deploying large-scale systems. He is a member of the ACM, the IEEE, and USENIX.
Wednesday, October 22, 12:00pm
Deterministic Symmetric Encryption and its Applications by Alexandra Boldyreva
Abstract: Outsourcing data to a remote, untrusted database server is an application of emerging importance. Deterministic symmetric-key encryption allows the server to answer users' queries efficiently. At first we focus on basic, exact-match query functionality, and then extend our treatment to prefix-matching and then to range queries as well. We propose serveral searchable encryption schemes that are practical and provably-secure. The schemes are easy to implement and are based on standard cryptographic primitives such as block ciphers, symmetric enryption schemes, and message authentication codes. Our solution to supporting range queries introduces a new cryptographic primitive, a deterministic order-preserving encryption scheme, which is of independent interest. Biography: Alexandra Boldyreva is an Assistant Professor in the School of Computer Science at the Georgia Institute of Technology. She received a Ph.D. in Computer Science from the University of California at San Diego in 2004. She is a recipient of the NSF CAREER award. Her research interests are in cryptography and information security.
Wednesday, October 15, 12:00pm
Inferring Sensitive Information from Public Data by Alessandro Acquisti
Abstract: I will present results from a study of privacy risks associated with information sharing in online social networks. Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. They are no longer niche phenomena: millions use them for communicating, networking, or dating. These networks are successful examples of computer-mediated social interaction. However, they also raise novel privacy concerns, which our research aims at quantifying. In this study, we evaluate the risks that information publicly provided may be used to gather additional and potentially more sensitive data about an individual, exploiting the online profile as a 'breeding' document. Specifically, we consider ways in which knowledge of an individual's personal information (PI) can lead to the estimation of sensitive and unavailable personal identifying information (PII); and ways in which identified or indentifiable data can lead to the re-identification of otherwise pseudonymous data. (Joint with Ralph Gross.)
Biography: Alessandro Acquisti is an Assistant Professor of Information Technology and Public Policy at the H. John Heinz III School of Public Policy and Management at Carnegie Mellon University. He is also a member of the CMU Usable Privacy and Security Laboratory, a member of CMU Privacy Technology Center, and a member of CMu Cylab. Prior to joining CMU Faculty, he researched with the Internet Ecologies group at the Xerox PARC labs in Palo Alto (as intern); with the Human-Centered Computing group at RIACS, NASA Ames Research Center (as visiting student); and at SIMS, UC Berkeley, where he received a Master and a Ph.D. in Information Systems in 2001 and 2003. He received a Master in Economics from Trinity College, Dublin, in 1999; and a Master in Econometrics and Mathematical Economics from the London School of Economics also in 1999. Alessandro received the PET Award for Outstanding Research in Privacy Enhancing Technologies and the IBM Best Academic Privacy Faculty Award in 2005, and chaired the DIMACS Workshop on Information Security Economics and the WEIS Workshop on the Economics of Information Security in 2007. He has co-edited the book: "Digital Privacy: Theory, Technologies, and Practices" (2008, Auerbach).
Wednesday, October 8, 12:00pm
Cryptographic Techniques for Oblivious Database Access by Matt Green
Abstract: In 2006, America Online accidentally published the web search histories for more than 650,000 of their customers. Although the data was anonymized, simple analysis of the customers' query patterns revealed deeply private information about their identities and interests. This example illustrates how increasingly dependent we are on third parties who not only provide us with our data, but must be trusted to protect our privacy in the way we access it. In this talk we will discuss new cryptographic techniques for constructing "privacy-preserving" databases that conceal users' identities and query patterns. In such a database, even the trusted database operator does not learn which records its users access. At the same time, we show how such a database may still enforce sophisticated (and history-dependent) access control policies limiting which records each user may obtain. The techniques we will discuss include two new protocols for efficient, adaptive Oblivious Transfer, as well as new access control mechanisms derived from e-Cash techniques.
Biography: Matthew Green is a Ph.D. student at Johns Hopkins University, currently completing his dissertation in the field of applied cryptography. His work focuses on privacy-preserving protocols and Identity-Based Encryption.
Wednesday, October 1, 12:00pm
To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads by Sam Small
Abstract: We present an automated, scalable method for crafting dynamic responses to real-time network requests. Specifically, we provide a flexible technique based on natural language processing and string alignment techniques for intelligently interacting with protocols trained directly from raw network traffic. We demonstrate the utility of our approach by creating a low-interaction web-based honeypot capable of luring attacks from search worms targeting hundreds of different web applications. In just over two months, we witnessed over 368,000 attacks from more than 5,600 botnets targeting serveral hundred distinct webapps. The observed attacks included serveral exploits detected the same day the vulnerabilities were publicly disclosed. Our analysis of the payloads of these attacks reveals the state of the art in search-worm based botnets, packed with surprisingly modular and diverse functionality.
Biography: Sam Small is a Ph.D. candidate in the Department of Computer Science at Johns Hopkins University. His research interests include system and network security, security for resource-constrained devices, virtualization, and communication networks. Sam holds a B.S. in computer science from the College of William and Mary, an M.S.E. in computer science from Johns Hopkins University, and has served in fellowship programs with the National Institute of Standards and Technology and the National Science Foundation.
Wednesday, September 24, 12:00pm
Implantable Medical Devices: Security and Privacy for Pervasive, Wireless Healthcare by Kevin Fu
Abstract: An increadible array of implantable medical devices treat chronic ailments such as cardiac arrhythmia, diabetes, Parkinson's disease, seizures, and even obesity with various combinations of electrical therapy and drug infusion. These devices use tiny embedded computers to control therapies and collect physiological data. To improve patient care and detect early warning signs, implantable medical devices are rapidly embracing wireless communication and Internet connectivity. Implantable cardioverter defibrillators (ICDs) are wirelessly reprogrammable and relay medical telemetry over the Internet via at-home monitors. Such devices will vastly improve care for chronic disease, but will also introduce fundamentally new risks because of global computing infrastructures such as the Internet that are physically infeasible to secure. Thus, new devices must not only prevent accidental malfunctions, but must also prevent *intentional* malfunctions caused by malicious parties lurking on the network.
Our interdisciplinary research team implemented several software radio-based methods that could compromise patient safety and patient privacy (e.g., disclosing patient data or inducing ventricular fibrillation via a wireless command). Addressing these new risks, our zero-power approaches help to mitigate the risk of intentional malfunctions. Attendees will learn about (1) the challenging security and privacy risks that result from the incorportation of wireless communication and Internet connectivity in healthcare; (2) the key factors for balancing medical safety and effectiveness with security and privacy; and (3) three new zero-power defenses based on RF power harvesting that balance security and power consumption to improve patient safety. This line of research is an important step in understanding how to provide better security and privacy as more medical devices rely on wireless communication. Wireless comunication has the potential to improve patient care, but researchers have yet to fully understand the effects of wireless communication on the security and privacy of pervasive devices. We do not believe that our discovery poses a significant threat today, but we are certain that the risks will grow as the technology develops. This research was carried out at the University of Massachusetts Amherst in collaberation with the Unviersity of Washington and the Harvard Medical School.
Biography: Kevin Fu is an assistant professor in the Department of Computer Science at the University of Massachusetts Amherst, and is the co-director of the Medical Device Security Center and the director of the RFID Consortium on Security and Privacy (RFID CUSP). Kevin investigates the security and privacy of pervasive and invasive computation --- including RFID, implantable medical devices, and file systems. Kevin's contributions include the security analysis of an implantable cardioverter defibrillator, RFID-enabled credit cards, Web authentication, and software updates; the SFS read-only file system for fast integrity-protected content distribution; key regression for efficient decenteralized access control of storage; and proxy re-encryption file systems for managing distributed access control. Kevin received his M.Eng. and Ph.D. in Electrical Engineering and Computer Science at the Massachusetts Institute of Technology in 1999 and 2005 resectively, and his B.S. in Computer Science and Engineering from MIT in 1998. Kevin's research received a number of best paper awards from premiere conferences in computer security and cryptography. His research has appeared in The New York Times and The Wall Street Journal. Kevin also holds a certificate of achievement in artisanal bread making from the French Culinary Institute.
Wednesday, September 17, 12:00pm
Conditional E-Payments by Marina Blanton
Abstract: Conditional e-cash or conditional e-payments have been introduced by Shi et al. (2007) as the means for enabling electronic payments to be based on the outcome of a certain condition not known in advance. In this framework, a payer obtains an electronic coin and can transfer it to a payee under a certain condition. Once the outcome of the condition is known, if it was favorable to the payee, the payee can deposit the coin; otherwise, the payer keeps the money. We show how a solution based on Camenisch-Lysynskaya signatures with protocols can be built to permit conditional e-payments that outperforms the original scheme in several respects. Furthermore, we extend the scheme to permit payees to further transfer (conditional) payments to other payees addressing the double-spending problem for all participants.
Biography: Marina Blanton is an Assistant Professor in the Department of Computer Science and Engineering at the University of Notre Dame. She received her Ph.D. in CS from Purdue University in 2007, MS in CS from Purdue University in 2004, and MS in EECS from Ohio University in 2002. Dr. Blanton's research interests lie in information security, privacy, and applied cryptography. She has over 20 research publications, is a co-editor of a book, and has been actively involved in professional services.
Wednesday, September 10, 12:00pm
MEDiSN: Medical Emergency Detection in Sensor Networks by Andreas Terzis
Abstract: Staff shortages and an increasingly aging population are straining the ability of emergency departments to provide high-quality care. Moreover, there is a growing concern about the ability of hospitals to provide effective care during disaster events. Tools that automate patient monitoring would greatly improve efficiency, quality of care, and the volume of patients treated. Towards this goal, we have developed MEDiSN, a wireless sensor network for monitoring patients' vital signs in hospitals and disaster events. MEDiSN comprises Patient Monitors (PMs) which are custom-built, patient-worn motes that sample, compress, encrypt, and sign medical data, and Relay Points that form a static multi-hop wireless backbone for carrying patient data. Moreover, MEDiSN includes a back-end server that persistently stores medical data and presents them to multiple GUI clients. MEDiSN's heterogeneous architecture enables it to address the compound challenge of reliably delivering large volumes of data while meeting the application's QoS requirements. Extensive results from simulations, testbed experiments, and a hospital pilot deloyment show that MEDiSN meets end-user requirements, scales from tens to hundreds of PMs, and effectively protects patient data from congestive and corruptive losses.
Biography: Andreas Terzis is an Assistant Professor in the Department of Computer Science at Johns Hopkins University. He joined the faculty in January 2003. Before coming to JHU, Andreas received his Ph.D. in computer science from UCLA in 2000. Andreas heads the Hopkins InterNetworking Research (HiNRG) Group where he conducts research in sensor networks and network security.
Wednesday, June 11, 11am
A Randomized, Efficient, and Distributed Protocol for the Detection of Node Replication Attacks in Wireless Sensor Networks by Mauro Conti
Abstract: Wireless sensor networks are often deployed in hostile environments, where an adversary can physically capture some of the nodes. Once a node is captured, the attacker can re-program it and replicate the node in a large number of clones, thus easily taking over the network. The detection of node replication attacks in a wireless sensor network is therefore a fundamental problem. A few distributed solutions have recently been proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol that is to be used in resource constrained environment such as a sensor network. Further, they are vulnerable to specific adversary models introduced in this paper.
The contributions of this work are threefold. First, we analyze the desirable properties of the distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks and we show that it is completely satisfactory with respect to the requirements. Extensive simulations also show that our protocol is highly efficient in communication, memory, and computation, that it sets out an improved attack detection probability compared to the best solutions in the literature, and that it is resistant to the new kind of attacks we introduce in this paper, while other solutions are not.
Monday, March 3, 3:00 - 4:00pm
Accountable Anonymity by Apu Kapadia, Dartmouth College
Abstract: Anonymizing networks such as Tor allow users to access Internet services privately using a series of routers to hide the client's IP address from the server. Tor's success, however, has been limited by users employing this anonymity for abusive purposes, such as defacing Wikipedia. Website administrators rely on IP address blocking for disabling access to misbehaving users, but this method is not practical if the abuser routes through Tor. As a result, administrators block all Tor exit nodes, denying anonymous access to honest and dishonest users alike. A few bad apples spoil the fun for everybody.
To address this problem, we present a low-overhead credential system called Nymble to provide "anonymous blacklisting." With Nymble, (1) honest users remain anonymous; (2) a server can complain and blacklist an anonymous user to recognize future connections from that user; and (3) users are aware of their blacklist status and can thus choose to remain anonymous by not accessing the service. As a result of these properties, our system is agnostic to servers' varying definitions of misbehavior --- servers can blacklist any user, for whatever reason, and users need not worry about a reduction in privacy from such blacklisting.
Biography: Apu Kapadia received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign (UIUC) in October 2005. For his dissertation research on trustworthy communications, Apu received a four-year High-Performance Computer Science Fellowship from the Department of Energy. Following his doctorate, Apu joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies (ISTS). He is interested in topics related to systems security and privacy. He is particularly interested in accountable anonymity, privacy-enhancing technologies such as anonymizing networks, usable models and policy languages for privacy, and applied cryptography. You may visit his website at: http://www.cs.dartmouth.edu/~akapadia/
Tuesday, February 5, 3:00 - 4:00pm
Improving the Robustness of Private Information Retrieval by Ian Goldberg, University of Waterloo
Abstract: Suppose you want to look up a specific patent from an online patent database, but you don't want the operator of the database to learn *which* patent you're interested in. A trivial solution is for the database operator to send you the whole database; can we do better? Private Information Retrieval (PIR) is the field that examines these kinds of problems. There are a wide variety of PIR protocols; some protect the privacy of the query through encryption, while others protect it information-theoretically by splitting the query across multiple database servers. In the latter case, an important consideration is robustness: how do we deal with servers that may maliciously return incorrect results, collude for an adversarial purpose, or simply fail.
In this talk, we present a new PIR protocol that information-theoretically protects queries from a group of servers, some of which may respond incorrectly or not at all. Our new protocol increases the maximum privacy level (the number of servers which need to collude in order to determine your query) by a factor of 3 over the previous work. It also allows more servers to reply maliciously, while still maintaining your ability to determine the correct response to your query and to identify bad actors. We then extend this protocol to produce one which provides hybrid privacy protection: information-theoretic protection if a limited number of servers collude; cryptographic protection if they all do. We will conclude with some recent results further improving the effeciency of these protocols.
Biography: Ian Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is part of the Cryptography, Security, and Privacy (CrySP) research group. He holds a Ph.D. from the University of California, Berkeley, where he co-founded that university's Internet Security, Applications, Authentication and Cryptography group. From 1999 to 2006, he was Chief Scientist of Radialpoint (formerly known as Zero-Knowledge Systems), a company offering security and privacy technologies for Internet users.
Wednesday, January 16
Protecting Data Integrity on Untrusted Storage by Christian Cachin, IBM Zurich Research
Abstract: Future distributed data storage systems will rely on cryptographic protection methods as a key technology. This talk addresses two related methods to guarantee the integrity of data stored on an untrusted server.
When multiple clients access the shared storage space, a faulty server may always delay or leave out an update operation of some client in the view presented to the other clients. MaziEres and Shasha (PODC 2002) proposed a protocol to ensure that two clients, whose views have diverged from each other in as little as one operation, may never again see each other's updates after the split. This property of a storage access protocol has been called fork-linerizability. We show how to implement a fork-linerizable storage protocol with linear communication complexity (instead of quadratic) in the number of clients. We also illustrate why, in every such protocol, a reader must wait for a concurrent writer.
It is well-known that the integrity of a large number of stored data blocks can be protected by authenticating the root hash value of a Merkle tree computed from the blocks. However, advice on the design choices for implementing Merkle trees in file systems is sparse. We describe implementation strategies for Merkle trees in a file system prototype and experiments comparing the alternatives.
This talk is based on joint work with Bjorn Lalin, Abhi Shelat, and Alex Shraer.
Biography: Christian Cachin. Ph.D. in Computer Science from ETH Zurich, 1997; from 1997-1998 postdoctoral researcher at MIT Laboratory for Computer Science; since 1998 Research Staff Member at IBM Zurich Research Lab. His research interests are cryptography, network security, distributed systems, storage security, and information hiding. He is a Director of the IACR and was program chair of Eurocrypt 2004.
Wednesday, October 3
Building Shared Reference Monitor Systems by Trent Jaeger, Pennsylvania State University
Abstract: In this talk, I will describe an architecture for building secure distributed systems based on a Shared Reference Monitor (Shamon). A Shamon consists of distributed security components that collaborate to provide a single, coherent mechanism for enforcing mandatory access control (MAC), achieving the function of a local reference monitor. The challenge is to ensure the guarantees required of a reference monitor: complete mediation over security sensitive operations; tamper protection of the Shamon mechanism and state; and verifiability of correct enforecement of security goals. I will begin the talk by discussing the vision of future Shamon distributed systems and motivating why the recent emergence of ubiquitous virtual machine systems and trusted computing hardware is necessary to achieve the Shamon goals. I will then discuss our prototype Shamon system, highlighting the design decisions required to satisfy the reference monitor guarantees.
Biography: Trent Jaegar is an Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security Lab. Trent's research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 50 refereed research papers on these subjects. Trent has made a variety of contributions to Linux security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. He is active in the security research community, having been a member of the program committees of all the major security conferences. He has been a guest editor of ACM TISSEC and program chair of ACM SACMAT and ACM CCS Government and Industry Track. He is currently the Program Chair for USENIX Hop Topics in Security. Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively. Wednesday, October 17
Feasible Privacy for Lightweight RFID Systems by David Evans, University of Virginia Abstract: Ubiquitous electronic labels present new privacy perils including individual tracking, behavior profiling, and corporate espionage. Passive RFID tags raise particularly serious privacy issues since they can be read silently from a distance, and are cheap and small enough to be embedded in many items an individual carries. Several protocols have been proposed for privacy protection in identification systems, but they rely on cryptographic hash functions that cannot be implemented on passive RFID tags. In this talk, I will present a new perspective on evaluating the privacy threat posed by RFID systems that uses an information-theoretic measure of privacy loss in the presence of a sophisticated, but rational, attacker. I will introduce ideas for actually implementing privacy protocols within the severe power constraints of RFID tags. Our analysis leads to the definition of a new type of hash function we call a "private hash function". I will describe a simple, abstract design that fulfills the requirements of a private hash function, and present a candidate instantiation of the design we propose. Our implementation is small enough to be implemented on RFID tags and is resistant against known cryptanalytic techniques.
This talk describes work primarily done by PhD student Karsten Nohl. Biography: David Evans is an Associate Professor at the University of Virginia and Director of the College of Arts & Sciences Major in Computer Science. He has BS, MS and PhD degrees in Computer Science from MIT. His research interests include program analysis, security through diversity, exploiting properties of the physical world for security, and applications of cryptography. For more information, see http://www.cs.virginia.edu/evans/ Wednesday, October 24
Active Hardware Metering for Piracy Prevention and Security by Farinaz Koushanfar, Rice University
Abstract: We introduce the first active hardware metering scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy and runtime tampering. The novel metering method simultaneously employs inherent unclonable variability in modern manufacturing technology, and functionality preserving alternations of the structural IC specifications. Active metering works by enabling the designers to lock each IC and to remotely disable it. The objectives are realized by adding new states and transitions to the original finite state machine (FSM) to create boosted finite state machines (BFSM) of the pertinent design. A unique and unpredictable ID generated by an IC is utilized to place an BFSM into the power-up state upon activation. The designer, knowing the transition table, is the only one who can generate input sequences required to bring the BFSM into the functional initial (reset) state. To facilitate remote disabling of ICs, black hole states are integrated within the BFSM. We introduce nine types of potential attacks against the proposed active metering method. We further describe a number of countermeasures that must be taken to preserve the security of active metering against the potential attacks. The implementation details of the method with the objectives of being low-overhead, unclonable, obfuscated, stable, while having a diverse set of keys is presented. The active metering method was implemented, synthesized and mapped on the standard benchmark circuits. Experimental evaluations illustrate that the method has a low-overhead in terms of power, delay and area, while it is extremely resilient against the considered attacks.
Biography: Farinaz Koushanfar is an assistant professor at the departments of Electrical and Computer Engineering (ECE) and Computer Science (CS) at Rice University since August 2006. She has finished her PhD in Electrical Engineering and Computer Science, and her MA in Statistics at UC Berkeley in December 2005. Prior to joining Rice, she held the Coordinated Science Lab (CSL) fellowship at the University of Illinois Urbana-Champaign. Her research interests are in hardware security and intellectual property protection, data integrity, and distributed embedded systems. She is the recipient of the DARPA/MTO Young Faculty Award across all core technology areas, and the NSF CAREER Award. She has also received Intel Open Collaborative Research fellowship, a best paper at Mobicom, NSF graduate student fellowship, and the UCLA Woman4change leadership award. http://www.ece.rice.edu/~fk1/ Monday, October 29
Network Capabilities: The Good, the Better, and the Future by Adrian Perrig, Carnegie Mellon University
Abstract: Network capabilities are a promising approach for building Denial-of-Service (DoS) resistant networks. In this talk I will survey three generations of capability-based systems: the basic first generation capability system providing basic protection against packet flooding, the second-generation system that provide stronger protection of the request channel, and the third-generation systems that provide advanced receiver-controlled request channel permissions.
Biography: Adrian Perrig is an Associate Professor in Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science at Carnegie Mellon University. He earned his Ph.D. degree in Computer Science from Carnegie Mellon University, and spent three years during his Ph.D. degree at Univeristy of California at Berkeley. He received his B.Sc. degree in Computer Engineering from the Swiss Federal Institute of Technology in Lausanne (EPFL). Adrian's research interests revolve around building secure systems and include Internet security, security of sensor networks and mobile applications. More information about his research is available on Adrian's web page. Adrian is a recipient of the NSF CAREER award in 2004, the IBM faculty fellowship in 2004 and 2005, and the Sloan research fellowship in 2006. Wednesday, November 7
Trusted Virtual Data Center -- Radically simplified security management by Reiner Sailer, IBM Research
Abstract: This talk introduces the Trusted Virtual Data Center (TVDc), which is designed to offer strong enterprise-level security guarantees in hosted data center environments. Designed to satisfy business-level security goals, TVDc simplifies management and provides explicit infrastructure-level containment and trust guarantees for data center environments based on virtualization. In this talk I will give an overview of the TVDc concepts as well as related technologies such as the secure hypervisor architecture (sHype), the integrity measurement architecture (IMA), and the virualized trusted platform module (vTPM). I will close with future work and open research problems.
Biography: Reiner Sailer is a Research Staff Member in the secure systems department at IBM T. J. Watson Research Center since 1999. He holds a PhD degree in Electronic Engineering from the University of Stuttgart, Germany (1999), where his research involved privacy, multi-lateral security, and security and fraud control in telecommunication networks. He is the technical lead for the Trusted Virtual Data Center at the T. J. Watson Research Center. His current research interests include secure hardware, access control, network and systems security, trusted computing, and secure virtualization infrastructure. Wednesday, November 14
TBA by Angelos Stavrou, George Mason University
Friday, November 16, 11:30am - 1:00pm
How to Spend Your E-Cash by Mira Belenkiy, Brown University
Location: Wyman Park Conference Room
Abstract: An electronic cash (e-cash) scheme lets a user withdraw money from a bank and then spend it anonymously. E-cash can be used only if it can be securely and fairly exchanged for electronic goods or services. In this work, we introduce and realize endorsed e-cash. An endorsed e-coin consists of a lightweight endorsement x and the rest of the coin which is meaningless without x. We reduce the problem of exchanging e-cash to that of exchanging endorsements. We demonstrate the usefulness of endorsed e-cash by exhibiting simple and efficient solutions to two important problems: (1) optimistic and unlinkable fair exchange of e-cash for digital goods and services; and (2) onion routing with incentives and accountability for the routers. Finally, we show how to represent a set of n endorsements using just one endorsement; this means that the complexity of the fair exchange protocol for n coins is the same as for one coin, making e-cash all the more scalable and suitable for applications. Our fair exchange of multiple e-coins protocol can be applied to fair exchanges of (almost) any secrets. Wednesday, November 28
Towards Rigorous Foundations for Database Privacy by Adam Smith, Pennsylvania State University
Abstract: Collections of personal and sensitive data, previously the purview of governments and statistical agencies, have become ubiquitous. The social benefits of analyzing these databases are significant: better informed policy decisions, more efficient markets, and more accurate public health data, to name a few. At the same time, releasing information from repositories of sensitive data can cause devastating damage to the privacy of individuals or organizations whose information is stored there. The challenge is to discover and release global characteristics of these databases, while protecting the privacy of individuals' records.
I will discuss a recent line of work exploring the tradeoff between these conflicting goals -- first, how the goals can be formulated precisely and second, to what extent they can both be satisfied.
I will expain why many popular approaches to data privacy fail to protect privacy in the presence of even very simple auxiliary information. In contrast, I will explain how a large class of computations can be performed while providing meaningful privacy guarantees, in the presence of *arbitrary* auxiliary information.
This is based on serveral works, joint with (subsets of) Cynthia Dwork, Ranjit Ganta, Shiva Kasiviswanathan, Homin lee, Frank McSherry, Kobbi Nissim, and Sofya Raskhodnikova. Wednesday, December 5
Privacy-Respecting Proactive Forensics by Tadayoshi Kohno, University of Washington
Abstract: Quick! Something bad has happened on the Internet. The traditional approach for determining the cause of the problem is to dig through logs and other forensics trails left by applications. These traditional approaches, while helpful, are limited in either: (1) their respect for the pivacy of parties in the common case when there is no incident to investigate or (2) the forensic trails are weak and spoofable. These limitations beg the question: Can we create applications -- and maybe even a new Internet -- that provide stronger yet also more privacy-respecting forensics trails by default? I will describe two ongoing projects centered on meeting these goals. The first project targets stronger but privacy-respecting forensics trails at the IP level. The second targets stronger but privacy-respecting methods for recovering lost or stolen mobile devices.
Bio: Tadayoshi Kohno is an Assistant Professor at the University of Washington, where his research ranges from applied cryptography to the security and privacy of implantable medical devices. Monday, December 10
BitBlaze: a Binary-centric Approach to Computer Security by Dawn Song, Berkeley
Abstract: Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. In this talk, I will present the BitBlaze project, a binary-centric approach to computer security: how we can address a wide-spectrum of different security problems by analyzing program binaries and automatically extracting security related properties from them. In particular, I will describe the two central research directions of BitBlaze: (1) the design and development of the underlying BitBlaze Binary Analysis Platform to addressing real-world security problems, including automatic vulnerability signature generation, a unified framework for malware analysis, and automatic deviation detection.
Bio: Dawn Song is an Assistant Professor at University of California, Berkeley. She obtained her PhD in Computer Science from UC Berkeley (2002). Her research interest lies in security and privacy issues in computer systems and networks. She is the author of more than 60 research papers in areas ranging from software security, networking security, database security, distributed systems security, to applied cryptography. She is the recipient of various awards and grants including the NSF CAREER Award, the IBM Faculty Award, the George Tallman Ladd Research Award, the Sloan Award, and the Best Paper Award in USENIX Security Symposium.
Tuesday, April 17, 2:30pm - 4:00pm
Nanotechnology in Medicine and Biosecurity: Dilemmas for Bioethics, Public Health Law, & International Human Rights by Dr. Tom Faunce, BA/LLB, B.Med PhD, Associate Professor, College of Law and Medical School, Australian National University
Time: 2:30PM - 4:00PM
Location: Hampton House 688
Sponsored by:
The Center for Law & the Public's Health at Georgetown & Johns Hopkins Universties, Johns Hopkins Berman Institute of Bioethics, and Institute for NanoBioTechnology (inbt) Monday, March 26, 4:00pm - 5:00pm
Updatable Zero Knowledge Databases by Dr. Moses Liskov, College of William and Mary
Abstract: Micali, Rabin, and Kilian recently introduced zero-knowledge sets and databases, in which a prover sets up a database by publishing a commitment, and then gives proofs about particular values. While an elegant and useful primitive, zero-knowledge databases do not offer any good way to perform updates. We explore the issue of updating zero-knowledge databases. We define and discuss transparent updates, which (1) allow holders of proofs that are still valid to update their proofs, but (2) otherwise maintain secrecy about the update.
We give rigorous definitions for transparently updatable zero-knowledge databases, and give a practical construction based on the Chase et al construction, assuming that verifiable random functions exist and that mercurial commitments exist, in the random oracle model. We also investigate the idea of updatable commitments, an attempt to make simple commitments transparently updatable. We define this new primitive and give a simple secure construction.
|
