Friday, December 10, 2010


8:45 - 9:25 Breakfast/Registration (outside Davis Auditorium)
9:25 - 9:30 Welcome/Opening Remarks
9:30 - 10:30 Content-Based Access Control

Rob Johnson, Stony Brook University

Recent Progress in Leakage-Resilient Cryptography

Yevgeniy Dodis, NYU

10:30 - 11:00 Coffee Break (outside Davis Auditorium)
11:00 - 12:00 Image Forensics: There is more to it than meets the eye

Nasir Memon, NYU/Poly

Account Recovery at an Internet Scale

Moti Yung, Google

12:00 - 13:30 Lunch (outside Davis Auditorium)
13:30 - 15:00 AccessMiner: Using System-Centric Models for Malware Protection

Mihai Christodorescu, IBM Research

Techniques to Defend Against Concurrency Attacks

Junfeng Yang, Columbia University

White Space Security: Securing our Spectral Resources

Wade Trappe, Rutgers University

15:00 - 15:30 Coffee Break (outside Davis Auditorium)
15:30 - 17:00 NEBULA: A Future Internet Architecture that Supports Trustworthy Cloud Computing

Jonathan M. Smith, University of Pennsylvania

Toward a Clearer Understanding of Accountability

Aaron D. Jaggard, DIMACS Center and Colgate University

From Computational Biology to Network Security

Adriana Compagnoni, Stevens

Abstracts

Content-Based Access Control

Rob Johnson, Stony Brook University

Access control decisions are traditionally based on metadata, such as ACLs, associated with the objects to which access is being mediated. We have been exploring access control policies that make decisions based on the content of the objects being read or written. Content-based access control is necessary when users are unwilling to manually configure access control metadata or when the access-control policy is most naturally expressed in terms of content. We have developed three CBAC applications:

  • Privacy policy inference for blogs. Our privacy policy inference engine for bloggers infers the correct privacy policy for new posts by comparing their content to the content of old posts.
  • Data loss prevention. Our DLP system uses machine learning techniques to automatically identify documents containing enterprise secrets, preventing employees from accidentally leaking those documents via email, blogs, social networks, etc.
  • Wikipedia vandalism detection. Updates to Wikipedia must meet the encyclopedia's style and content requirements, and vandalism is a serious drain on Wikipedia editors' time. We have developed an automated vandalism detection system that correctly classifies edits with over 94% accuracy.

Recent Progress in Leakage-Resilient Cryptography

Yevgeniy Dodis, NYU

I will survey recent advances in the field of Leakage-Resilient Cryptography. This booming area is concerned with the design of cryptographic primitives resistant to arbitrary side-channel attacks, where an attacker can repeatedly and adaptively learn information about the secret key, subject only to the constraint that the overall amount of such information is somehow "bounded", so that not the entire secret key is leaked.

I will start by surveying recent results in the so-called Bounded Leakage Model, where the overall leakage is bounded by some parameter L, and the goal is to make L large relative to the length of the secret key. Then, I will move to the Bounded Retrieval Model, which ensures that the complexity of the scheme is independent of the leakage bound L (e.g., it does not increase when the leakage parameter L grows). Finally, I briefly mention the most advanced Continuous Leakage Model, where the secret key is periodically refreshed (public key is fixed!), and the amount of leakage is only bounded in between *successive refreshes*, but is unbounded overall.

Most of the covered material can be found in the survey available here: http://cs.nyu.edu/~dodis/ps/brm.ps

Image Forensics: There is more to it than meets the eye

Nasir Memon, NYU/Poly

Given the ease by which digital images can be created, altered, and manipulated with no obvious traces, digital image forensics has emerged as a research field with important implications for ensuring digital image credibility. This talk will provide an overview of recent developments in the field, focusing on three problems. First, collecting image evidence and reconstructing them from fragments, with or without missing pieces. This involves sophisticated file carving technology. Second, attributing the image to a source, be it a camera, a scanner, or a graphically generated picture. The process entails associating the image with a class of sources with common characteristics (device model) or matching the image to an individual source device, for example a specific camera. Third, attesting to the integrity of image data. This involves image forgery detection to determine whether an image has undergone modification or processing after being initially captured.

Account Recovery at an Internet Scale

Moti Yung, Google

"Internet Accounts" may become some of the life-long relationships that users have with global service providers. In this talk we will identify and characterize the problem of "account recovery" for the setting of large-scale Internet service providers. We will discuss the methodologies and techniques for maintaining these accounts while facing benign and malicious log-in failures, will present tools for analysis of the recovery techniques, and will suggest various directions and issues related to this emerging problem.

AccessMiner: Using System-Centric Models for Malware Protection

Mihai Christodorescu, IBM Research

Most proposed malware detectors that use system calls follow a program-centric analysis approach, where detection models are built based on specific behaviors of individual applications. Unfortunately, it is not clear how well these models generalize, especially when exposed to a diverse set of previously-unseen, real-world applications that operate on realistic inputs. I will present a study we did on the diversity of system calls by performing a large-scale collection (compared to previous efforts) of system calls on hosts that run applications for regular users on actual inputs. Our analysis of the data demonstrates that simple malware detectors, such as those based on system call sequences, face significant challenges in such environments. To address the limitations of program-centric approaches, I propose an alternative detection model that characterizes the way in which benign programs access OS resources (such as files and registry entries). Our experiments demonstrate that this approach captures well the behavior of benign programs and raises very few (even zero) false positives while being able to detect a significant fraction of today's malware.

Techniques to Defend Against Concurrency Attacks

Junfeng Yang, Columbia University

The rise of multicore and the coming storm of cloud computing call for more and more multithreaded programs. These programs often contain many concurrency errors such as races and atomicity violations. We've found that many of these errors are remotely exploitable, allowing what we call concurrency attacks.

In this talk, I'll describe two systems we recently built to defend against concurrency attacks. The first system, TERN, uses the idea of schedule memoization to make threads deterministic and stable. Specifically, it memoizes past, working schedules, and reuses them on future inputs when possible, thus making multithreaded programs repeat familiar (likely correct) behaviors. The second system, LOOM, allows users to safely and quickly patch live applications to work around concurrency errors.

White Space Security: Securing our Spectral Resources

Wade Trappe, Rutgers University

The radio spectrum is a valuable resource that has facilitated a wide range of applications, from supporting our communications infrastructure to facilitating scientific research to supporting military missions and public safety. Over the past decade, the FCC has explored opening up spectral resources, which were previously allocated, as a means to support economic growth and new technologies. In parallel with the FCC's discussions, there has been the development of programmable radio technologies (a.k.a. cognitive radios) that will facilitate the use of these new spectral resources. Although these new radio platforms can be arbitrarily programmed to take advantage of spectral opportunities, they might also be programmed to introduce new security threats to these spectral resources. For example, software radios can be programmed arbitrarily to inject interference, greedily exploit protocols in order to hoard spectral opportunities, or monitor communications. This talk will explore a wide range of security techniques that can be used to protect our spectral resources from exploitation by malicious radio entities. In particular, we will discuss a variety of physical layer security techniques that can establish services analogous to link-layer authentication, support key management, and detect anomalous traffic being injected by malicious radio entities. Additionally, we will explore regulation mechanisms that may be implemented on a software radio as a means to prevent user-implemented protocols from acting in a manner that is unfair to other radio nodes.

NEBULA: A Future Internet Architecture that Supports Trustworthy Cloud Computing

Jonathan M. Smith, University of Pennsylvania

NEBULA is a future Internet architecture that is intrinsically more secure and addresses threats to the emerging computer utility capabilities called cloud computing while meeting the challenges of flexibility, extensibility and economic viability. NEBULA's architecture surrounds a highly-available and extensible core network interconnecting data centers with new trustworthy transit and access networks that enable many new forms of distributed communication and computing. NEBULA mobile users will have quick, secure, 24x7 access to services such as financial transactions and electronic medical services at any location. Local device software systems will evolve to select from a continuum of distributed computing and storage services provided by data centers accessible via NEBULA. A major technical concern for such an architectural vision is trustworthiness, e.g., that each user's data is kept private and that communication is always available. NEBULA addresses the security properties of confidentiality, integrity and availability with a systems approach.

Toward a Clearer Understanding of Accountability

Aaron D. Jaggard, DIMACS Center and Colgate University

Accountability is widely agreed to be important and desirable, but there does not seem to be a standard definition of "accountability," and researchers in different areas use it to mean different things. I'll present work from an ongoing project (joint with Joan Feigenbaum and Rebecca Wright) that addresses these issues, the relationship between accountability and other goals (like privacy), and the requirements for accountability. I'll focus on the initial (but essential) steps of identifying and disambiguating often-conflated notions related to accountability.

From Computational Biology to Network Security

Adriana Compagnoni, Stevens

In this talk we will present the design and implementation of a new programming language for the modeling, 3D visualization and stochastic simulation of dynamic communication networks in a reactive environment. The language was motivated by the need to introduce a notion of 3D space and scope in biological and bio-medical scenarios, in particular, to model hydrogels for infection resistant medical implants being developed at Stevens. Our system enables the visualization of thousands of mobile agents traveling in a 3D space while interacting with each other in selective ways. As an example, we can visualize thousands of mobile devices and cell towers of different vendors. A color-coded scheme enables visualization of different stages of the authentication protocols, and whether a device is granted access to services or not.