Engineers Test Highly Accurate Face Recognition

Debugging Election Codes

Ranking Corporate America on Identity Theft

Demands for Personal Information Controls on Social Networking Sites Increase

TRUST Spring 2008 Conference: April 2-3, 2008

• Advance a leading-edge research agenda to improve the state-of-the art in
  cybersecurity and critical infrastructure protection;
  
  
• Develop a robust education plan to teach the next generation of computer scientists, engineers, and social scientists; and
  
  
• Pursue knowledge transfer opportunities to transition TRUST results to end users within industry and the government.
  

A Legal Analysis of the Sony BMG Rootkit Debacle

CPO Panel Highlights Privacy Challenges

CSO Perspective on Security Breach Notification Laws

Engineers Learning People Skills, Too

Applications for SECuR-IT, WISE and SUPERB available until January 31, 2008

FaceBook: Giving Personal Info for Profit?

Stanford/TRUST faculty offer Advanced Computer Security Certificate Online: What You Don?t Know Can Hurt You

"Specific topics covered include secure software design, buffer overflows, SQL injection attacks, authentication, access control, data integrity, symmetric encryption, public-key cryptography, and more. The Advanced Computer Security certificate program requires six courses three core and three electives. The instructors regularly update the content. Each course is self- paced and approximately six hours long, and is available at any time. Detailed information about the program is found at http://proed.stanford.edu/?security."

Security Focus Interviews Adam Barth about DNS Rebinding

"I'm a Ph.D. student at Stanford University and a member of the Stanford Web Security Lab. Collin Jackson, Andrew Bortz, Weidong Shao, Dan Boneh, and I are presenting a paper at the 2007 ACM Conference on Computer and Communications Security, detailing how to protect browsers from DNS rebinding attacks."

Adrian Perrig Leads Research Team Dedicated To Analyzing and Disrupting Internet Attackers' Black Markets

To stem the flow of stolen credit cards and identity data, Carnegie Mellon researchers proposed two technical approaches to reduce the number of successful market transactions, including a slander attack and another technique, which were aimed at undercutting the cyber-crooks verification or reputation system.

"Just like you need to verify that individuals are honest on E-bay, online criminals need to verify that they are dealing with 'honest' criminals," Franklin said.

In a slander attack, an attacker eliminates the verified status of a buyer or seller through false defamation. "By eliminating the verified status of the honest individuals, an attacker establishes a lemon market where buyers are unable to distinguish the quality of the goods or services," Franklin said.

The researchers also propose to undercut the burgeoning black market activity by creating a deceptive sales environment.

Perrig's team developed a technique to establish fake verified-status identities that are difficult to distinguish from other-verified status sellers making it hard for buyers to identify the honest verified-status sellers from dishonest verified-status sellers.

"So, when the unwary buyer tries to collect the goods and services promised, the seller fails to provide the goods and services. Such behavior is known as 'ripping.' And it is the goal of all black market site's verification systems to minimize such behavior," said Franklin.

The "Profiles in Team Science" document and website covers TRUST

Deirdre Mulligan: Data breach laws have had positive effect

The legislation has had a positive effect on security, according to Deirdre Mulligan, clinical professor of law at the UC Berkeley School of Law.

She told silicon.com: "I believe that the law has heightened the attention paid to information security. The initial impact of the law was likely to make incidents public but the lasting effect should be to reduce the number and severity of breaches by creating incentives to invest in security."

Mulligan said her research had shown that security breaches drive information exchange among security professionals - for example some chief security officers summarised news reports from breaches at other organisations and circulated them to staff with 'lessons learned' from each incident.

She said: "The goal of the law was to improve security practices, not provide notices. Research and anecdote both suggest that it has improved practices along many dimensions. As practices improve, notices should decrease."

Some organisations have a 'that could have been us' moment and patch systems with similar vulnerabilities to the organisation that had a breach. The introduction of the legislation has meant an improved focus on security and better information about costs of failure, which allows for sounder investments, she added.

Pam Samuelson named a Berkman Center Fellow

Engineering a new curriculum

Trust Autumn 2007 Conference

Symatec Graduate Fellowship

[...]we're now accepting applicants for our 2008 Symantec Fellowship. This is a multiple award, one year fellowship for graduate students pursuing innovative research related to information security and availability. It provides a $20,000 stipend, plus tuition and fees and is distinguished by an opportunity to work along-side our leading researchers.

http://www.symantec.com/about/careers/college/fellowship.jsp

UK House of Lords report, "Personal Internet Security," includes TRUST talk summaries

Shankar Sastry named Dean of UCB College of Engineering

For other items, see the TRUST News blog.

Older News Items

	August 24, 2006: The Distinguished External Advisory Board met in Berkeley. Presentations (Viewable only by deab workgroup members, see How do I request a workgroup account?) Individuals with any Trust website account may view the presentations. The Distinguished External Advisory Board membership includes: Alfred Aho (Columbia)   Annie Anton (NCSU) Matt Bishop (UC Davis)   Lee Burge (Tuskegee) David Clark (MIT)   George Cybenko (Dartmouth) James Johnson (Howard)   Jay Lala (Raytheon) Carl Landwehr (UMD)   Dan Manson (Cal State Pomona) Andrew Odlyzko UMN   William Sanders (UIUC) Eugene H. Spafford (Purdue)
	August 24, 2006: The TRUST Academy Online (TAO) is available (note that the url is https not http). Yuan Xue has created the first course, Cryptography, which is an example of how to link to existing course material. Larry Howard has written an overview and educator's guide about VaNTH, the system behind TAO.
	August 22, 2006: Stanford Professors Dan Boneh and John Mitchell won a Computerworld Horizon Award for Password Hash.
	August 1, 2006: TRUST has two important positions available: Education Director for TRUST (#004902) Executive Director for TRUST (#004791) To find out more, go to http://jobs.berkeley.edu/ and search in the Senior Management/Executive Job Category for the keyword TRUST. If you have questions or concerns, contact Shankar Sastry (sastry at eecs) or Mary Margaret Sprinkle (mms at eecs).
	July 27, 2006 The Trust 2005-2006 Annual Report is available to the general public and 1st 5 year Strategic Plan is available to Trust website members.
	July 19, 2006 Professor David Wagner testified about electronic voting in front of a House Committee in Washington, D.C. (Forbes, Salon)
	July 5-28, 2006: CMU's 2006 Capacity Building Workshop occurred. "The IACBP is an intensive in-residence summer program designed to help build Information Assurance education and research capacity at minority-serving universities. The program is organized into several sessions, offering both theoretical Information Assurance education and hands-on experiences through a boot camp on network security offered by CISCO. Specific sessions are also dedicated to curriculum development."
	June 11 - August 04, 2006: TRUST is proud to sponsor six undergraduate students from diverse backgrounds and cultures, to participate in the Summer Undergraduate Program in Engineering Research at Berkeley (SUPERB-IT). The students were: Joceyln Adams Tonmoy Bhattacharjee Kaseima Frye Sonny Hernandez Jessica Jimenez Pellot Jamie Lauren Webb These students will work with graduate student mentors throughout the summer of 2006 performing research and supporting activities in the area of information technology for assisted living at home. For details, see the SUPERB workgroup.
	May 30 - August 4th, 2006: Vanderbilt's TRUST Summer Internship Program in Hybrid and Embedded Software Research (SIPHER) is underway. "The objective of this program is that undergraduates from underrepresented groups (women of any race, and also Native-Americans, African-Americans, and Hispanics) participate in the research program: receive training in the science and technology developed by the researchers, and work on specific research problems."
	July 5 - 11, 2006: This year's Women's Institute in Summer Enrichment (WISE) program was attended by 19 individuals. WISE is a residential summer program on the University of California, Berkeley campus that brings together graduate students, post-doctoral fellows and professors from all disciplines that are interested in Ubiquitous Secure Technology and the social, political, and economical ramifications that are associated with this technology. For details, please see The WISE workgroup.
	June 28, 2006: Slashdot mentions a Security Focus Interview with Rachna Dhamija about the paper "Why Phishing Works" she coauthored with Doug Tygar and Marti Hearst.
	June 21-23, 2006: Joint US-EU-Tekes workshop: "Long Term Challenges in High Confidence Composable Embedded Systems" (Helsinki, Finland)
	June 19, 2006: 2nd TIPPI Workshop Trustworthy Interfaces for Passwords and Personal Information (Stanford)
	June 12, 2006: TRUST/iCAST Agreement Minister Lin, Beth Burnside, Mark Kamlet, D.T. Lee TRUST and International Collaboration for Advancing Security Technology (iCAST) have signed a 3 year, $800 thousand/year collaborative research agreement where iCAST will attend TRUST meetings, have access to TRUST websites, TRUST students and faculty as well as other benefits. iCAST is a team with members from Taiwan Information Security Center (TWISC) represented by Academia Sinica, the Institute for Information Industry (III) and the Industrial Technology Research Institute of Taiwan (ITRI) designed to collaborate with International Institutions in various fields related to Information Security. TWISC Announcement
	June 5, 2006: AF-TRUST Kickoff
	May 10, 2006: Douglas Schmidt and Michael Reiter's work with the Air Force Global Information Grid is highlighted at ACM TechNews and at the Vanderbilt news service.
	May 8, 2006: The May 2006 IEEE Computer Magazine contains a cover feature by Edward A. Lee: "The Problem with Threads" For concurrent programming to become mainstream, we must discard threads as a programming model. Nondeterminism should be judiciously and carefully introduced where needed, and it should be explicit in programs.
	May 8, 2006: The Air Force Office of Scientific Research recently committed to funding the AF-TRUST-GNC (Air Force Team for Research in Ubiquitous Secure Technology for GIG/NCES), an Air Force center for research on challenges associated with the Global Information Grid and Network Centric Enterprise System (GIG/NCES) trends that have become dominant themes within the USAF and the military family. Researchers at AF-TRUST-GNC will explore innovation in the following areas: Provide guaranteed Scalable, Real Time, Fault Tolerant Quality of Service for network centric enterprise systems Develop techniques for large scale information assurance and security policy management Develop new tools for secure scalable, information discovery, information architecture and mediation This new center is funded through the Program Name AFOSR Opportunities in Information Science and Technology under the CFDA Title Air Force Defense Research Sciences Program.
	April 27th & April 28th, 2006: The Trust NSF Site Visit was held at UC Berkeley. (Presentations)
	April 28th, 2006: The Workshop on Electronic Patient Records was held at UC Berkeley. David Brailer, the National Coordinator for Health Information Technology, was the keynote speaker for this event organized by TRUST, CITRIS, the UC Berkeley School of Public Health and the California Regional Health Information Organization. The workshop covered the uses of new information and communication technologies for the better delivery of health care. Especially highlighted in this meeting was the use of new wireless devices, sensor webs and security/privacy considerations of dynamic electronic medical records. Security and privacy is an important pillar of the HSS Health Information Technology plan for the nation, and this workshop highlighted some of the NSF funded research in this area as well as health care providers and stakeholders' efforts in this area.
	April 26, 2006: The Executive Advisory Board met at UC Berkeley.
	April 12, 2006: Marci Meingast and Christopher Brooks are now running a TRUST Security and Privacy Blog. This blog is for news items related to Security and Privacy, but that don't specifically mention TRUST. TRUST specific items will appear below.
	March 28, 2006: The Sensor Networks and Privacy workshop was held at Cornell. Participants: Cornell CS, Information Science, ECE, Civil Engineering Berkeley Law School
	March 24-25, 2006: The Spring Planning Meeting of the I3P was held on the UC Berkeley campus. The I3P functions as a virtual national lab with the ability to organize teams and workgroups to address research and policy-related aspects of the vulnerabilities inherent in the information infrastructure.
	March 20, 2006: The Stanford Security Forum Workshop was held.
	March 17, 2006: Congresswoman Sheila Jackson Lee (D-TX), ranking Democrat on the House Committee on Homeland Security, was briefed on TRUST and the relevance of it work to Homeland Security by Vijay Raghavan.
	March 16-17, 2006: The EU-US Meeting, titled Large ICT-based Infrastructures and Interdependencies: Control, Safety, Security and Dependability was held in Washington, D.C. Goals for this meeting included fostering technical collaboration between the US and the EU on increasingly ICT-centric infrastructures. Also, strategic opportunities were identified for cooperation in preparation for new research programs, such as Framework Program 7 for the EC and program directions for FY 2007 and forward by the NSF and other US agencies. In particular, the workshop established concrete cooperation mechanisms that will pave the way for joint events and activities like overseas benchmarking opportunities and instruments for visionary shared research programs.
	March 14-15, 2006: The Beyond SCADA: Networked Embedded Control Systems Meeting was held in Washington, D.C. It was coordinated by the National Information Technology Research and Development group (NITRD)'s High Confidence Systems and Software (HCSS) subcommittee, the National Science Foundation, the National Institute of Standards and Technology, and the National Security Agency. This meeting will serve as a planning meeting for a longer meeting to be held at CMU in October 2006. This series of meetings will facilitate the roadmapping process for the research agenda in the area of Networked Embedded Control Systems.
	March 13, 2006: The Department of Homeland Security sponsored a meeting of the Identity Theft Technology Council, which was hosted by SRI. The meeting was attended by chief security officers from financial and IT companies. Vijay Raghavan presented an overview of TRUST. John Mitchell attended and discussed the possibility of incorporating industrial speakers in the educational outreach of TRUST.
	February 19, 2006: Fred Schneider's presentation at the annual meeting of the American Association for the Advancement of Science was covered in Linux Electrons: Computer Security Lacks Accountability Says Cornell Expert.
	February 7, 2006: The February 2006 IEEE Computer Magazine contains articles by a number of Trust Members including Kenneth Birman, Janos Sztipanovits, Gabor Karsai, and Douglas Schmidt.
	February 2, 2006: The Trust workgroups are starting up! If you meet the membership criteria, please feel free to request an account. Once you have an account, to join a workgroup, go to Options -> Memberships Below are groups of interest: education: Education and Outreach ( Ruzena Bajcsy, Sigurd Meldal, Janos Sztipanovits ) gig: Global Information Grid (Douglas Schmidt) healthcare: Electronic medical records (Janos Sztipanovits) idtheft: Phishing, identity theft and other issues (John Mitchell) languages:Programming Language Techniques for Security (David Wagner) netdefenses: Network defenses (Anthony Joseph) sensornets: Embedded systems and secure sensor networks (Stephen Wicker) trustworthy: Trustworthy systems (Michael Reiter)
	January 27, 2006: Deirdre Mulligan was interviewed on Democracy Now, a Radio and TV program about "The Great Firewall of China: Internet Companies Censor Material at Chinese Government"
	January 9-10, 2006: The Trust Winter Meeting was held in Washington, D.C. (presentations)
	December 16, 2005: The Trust Design Workshop for an Integrative Project related to Patient Portals was held at Vanderbilt.
	December 16, 2005: Design Workshop for an Integrative Project related to Patient Portals (Vanderbilt)
	December 15, 2005: Trust Membership page updated, including small or minority-owned business membership level. Winter Conference Agenda updated.
	October 27, 2005: Trust Visitors might find Euguene Spafford's Testimony before the House Armed Services Committee Hearing on "Cyber Security, Information Assurance and Information Superiority" of interest.
	October 11, 2005: Sensor Networking Workshop (Cornell)
	September 20, 2005 The Trust publications website is up! Trust Researchers, please add relevant papers and presentations.
	September 13 - 19, 2005 The Keyboard Sound Detection work of Professor Doug Tygar's group was covered in The San Francisco Chronicle, Scientific American, Slashdot and other media outlets. See Professor Tygar's publication page for a preprint.
	Autum, 2005: Homeland Security / Cyber Security course Joint class between University of Washington, CSE P 590TU, UC Berkeley PP 190/290-009 and UCSD CSE 291 (A00) consisted of lectures about policy, technology, psychological motivations of Terrorism
	September 1, 2005 The first Trust Seminar talk was be given by Shankar Sastry. The Trust Seminar is held on Thursdays 4-5pm in 540 Cory Hall, UC Berkeley. See the Seminar page for details.
	August 25, 2005: The Trust server is on new hardware. If you manage a Trust workgroup using CVS, you will need to change CVS servers. See the FAQ for details.
	August 4, 2005: The Credence project of Professor Emin Gun Sirer's group was featured on Slashdot and in the New Scientist in March. Credence is a distributed object reputation management scheme that counteracts content pollution in peer-to-peer filesharing systems.
	2 professors go fishing for phishers San Francisco Chronicle, July 25, 2005.
	June 13, 2005: 1st TIPPI Workshop Trustworthy Interfaces for Passwords and Personal Information (Stanford)
	Stanford joins multi-institution center on research in cybersecurity and computer trustworthiness Stanford Report, April 14, 2005.
	Campus to Direct New Research Center UC Berkeley to Lead Team in Pursuit of Internet Security The Daily Californian, April 14, 2005.
	U.S. Grant Offered To Team Studying Computer Attacks Wall Street Journal, April 12, 2005.
	U.C. Berkeley to head cybersecurity project NY Times, April 12, 2005.
	Vanderbilt engineering part of national 'dream team', To design, develop new secure system design technologies Vanderbilt News Service, April 12, 2005.
	Smith joins bid to thwart cyberattacks Boston Globe (AP), April 12, 2005.
	NSF establishes cybersecurity center ComputerWorld, April 12, 2005.
	Cal picked to lead coalition to fortify network security Contra Costa Times, April 12, 2005.
	Cal will lead effort against cyberattacks Berkeley to lead U.S. effort to foil cyberattacks Oakland Tribune, April 12, 2005.
	U.C. Berkeley to head cybersecurity project ZDNet, April 12, 2005.
	Universities, industry to fight hacker threat 5-year, $19 million project intended to boost cybersecurity San Francisco Chronicle (AP), April 12, 2005.
	UC-Berkeley Leads Cybersecurity Consortium Washington Post (AP), April 12, 2005.
	NSF established two new technology centers Washington Times (UPI) April 12, 2005.
	UC-Berkeley Leads Cybersecurity Consortium Forbes, April 11, 2005.
	Grant to research computer security San Jose Mercury News, April 11, 2005.
	NSF launches $19 million research program for computer security Cornell University News Service, April 11, 2005.
	Researchers Are Part of New NSF Center Studying Cybersecurity and Trustworthy Computing Carnegie Mellon Media Relations, April 11, 2005.
	UC Berkeley to lead $19 million NSF center on cybersecurity research UC Berkeley Campus News, April 11, 2005.
	NSF Announces Intent to Establish Two New Science and Technology Centers National Science Foundation, April 11, 2005.