UC Berkeley's Pamela Samuelson wins IP3 Award

UC Berkeley Law Professor and renowned scholar Pamela Samuelson is one of four winners of this year's IP3 Award from the Washington-based public interest group Public Knowledge. As a director of the Berkeley Center for Law & Technology, Samuelson is being acknowledged for her work in information policy, particularly in such areas as privacy, copyright, freedom of expression, intellectual property and consumer protection. "Public Knowledge has been the most important voice for public-spirited intellectual property and Internet policy," says Samuelson. "I'm pleased that this organization believes I have made contributions to these same policies worthy of being named to this award." See more in the Berkeley Law News Archive.

Web add-ons compromise 'private browsing'

A study by Dan Boneh of Stanford University claims that many browser add-ons or website security measures stop the 'private browsing' mode from working correctly. Boneh and his team examined the private browsing functions of Mozilla's Firefox, Microsoft Internet Explorer, Google Chrome and Apple's Safari and discovered that all four were affected. Moreover, they discovered that all browsers retained the generated key pair even after private browsing ends, which could leak the site's identity to an attacker. "We found that private browsing was more popular at adult web sites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boneh said in the report. Boneh and his researchers say they believe they are the first to show that 'private browsing' can be compromised. See the full article at PC Advisor. Related articles appear at THIN!.co.uk and BBC NEWS.

Patents seen as low priority for software firms

Tom Abate's San Francisco Chronicle article, "Patents seen as low priority for software firms," discusses the paper written by Stuart J. H. Graham, Robert P. Merges, Pamela Samuelson and Ted M. Sichelman, "High Technology Entrepreneurs and the Patent System: Results of the 2008 Berkeley Patent Survey." The article quotes Pamela Samuelson: "More than 80 percent of the biotech, medical device and hardware firms we surveyed have or have applied for patents. . . About two-thirds of software firms have no patents and have not applied for any." The study is also discussed by Phyorg, Broadbandbreakfast and Canadaviews.

Vanderbilt medical researchers, engineers play major role in new national center established to secure the privacy of electronic health information

The Vanderbilt University News Network released an article on Friday announcing the $15 million awarded to create a new center for health information and privacy. The center, headquartered at the University of Illinois, will include researchers from Vanderbilt University; University of California, Berkeley; Carnegie Mellon University; Dartmouth College; Harvard Medical School; Johns Hopkins University; Northwestern Memorial Hospital; Stanford University; University of Massachusetts, Amherst; and the University of Washington. It is one of four health care research centers established and funded for four years with American Recovery and Reinvestment Act of 2009 funds as part of the $60 million Strategic Healthcare Information Technology Advanced Research Projects on Security (SHARPS) program. "Our participation in the new SHARPS center reflects the fact that Vanderbilt has become highly visible in the field of health care security and privacy," said Janos Sztipanovits, director of the Institute for Software Integrated Systems (ISIS) at Vanderbilt's School of Engineering. Vanderbilt has gained experience in this area through its participation in the TRUST Science and Technology Center, founded in 2006 by the National Science Foundation. The $40 million TRUST Center, whose core members are the University of California, Berkeley; Carnegie Mellon University; Cornell University; Stanford University; and Vanderbilt University, is one of the nation's leading research consortiums focusing on the scientific foundations of system security and privacy. Vanderbilt has headed up TRUST's health-care-related program. See the full article at VUCast.

Andrew Myers net radio interview: "Build security into applications"

Cornell Associate Professor Andrew Myers was interviewed on FederalNewsRadio about "Build security into applications":

Keeping Medical Data Private

Researchers at Vanderbilt University have developed an algorithm that protects the privacy of patients while still allowing medical records to be used for research on the genetics of disease. The new method, published online April 12 in the Proceedings of the National Academy of Sciences, disguises the parts of the medical history data that are not relevant to a geneticist's specific research question, using an algorithm that looks through health records and makes some aspects of them more general. "We're hoping that it's a game-changer," says Bradley Malin, a biomedical informatics specialist from Vanderbilt University in Nashville who helped develop the method. The problem is, it's not all that difficult to follow a specific set of codes backward and identify a person, says Malin. See articles in Science News and MIT's Technology Review.

Loose Clicks Sink Ships

Since it is possible to analyze audio recordings of keystrokes, computer scientists have been able to reconstruct accurate transcripts of what is being typed, including passwords. In contrast with more sophisticated types of espionage, it is very easy to do: all that is needed is a cheap microphone and a desktop computer. While past attempts at writing software to decipher recorded keyboard sounds have been at most 80% successful, Doug Tygar and colleagues at the University of California, Berkeley have developed software that achieves 96% accuracy. The software can decode anything, including scrambled ten-character passwords. Dr. Tygar suggests simply turning up the radio to thwart these auditory invasions. However, since background noise will ultimately be overcome by more sophisticated recording, Tygar recommends that typed passwords be phased out, to be replaced with biometric checks or multiple types of authorization that combine a password with silent verification (e.g., clicking on a pre-selected image in an array of images). See the full article in The Economist.

"How Lenders Overlook the Warning Signs of ID Theft"

Brad Stone's NY Times blog entry "How Lenders Overlook the Warning Signs of ID Theft" discusses Chris Hoofnagle's paper "Internalizing Identity Theft." The abstract for that paper says:

Stone's article gives an overview of how lenders approved credit applications: "one victim found four of six fraudulent applications submitted in her name contained the wrong address; two contained the wrong phone number and one the wrong date of birth." Stone's article was also picked up by Slashdot.

'MULE' Prototype Uses Location for Authentication

Researchers at CMU (Carnegie Mellon University) have constructed a location-based encryption model for protecting data on lost or stolen laptops with little or no user interaction or IT administrative overhead. The so-named Mobile User Location Specific Encryption (MULE) method encrypts only the sensitive files on a user's laptop. In a paper entitled "Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password," CMU CyLab technical director Adrian Perrig and CMU graduate student Ahren Studer write: "Our goal is to remove user effort associated with encryption technology while achieving the same or better security compared to traditional password-based approaches. For example, with MULE, a user can securely store encrypted copies of bank records and tax returns on a laptop, and automatically gain access when opening those files in the home office. After a thief steals the laptop, the only way to recover the files is to break into the user's home." See the Tech Center: Insider Threat article in Dark Reading.

Security flaw exposed on Home Shopping Network

When a user encountered a possible security flaw exposing customers of a large television shopping network to credit card fraud, ABC's 7 On Your Side contacted UC Berkeley computer security expert Doug Tygar, who suggested that they find out for themselves whether her fears were founded. The customer tried the 'Shop by Remote' feature on Home Shopping Network but directed her order to be shipped to her sister's address, and found she could do so without her sister even knowing about it. This result was brought back to Tygar. "I didn't believe it," he said. "I was shocked that you could do that, that such an obvious and large hole would be left open." Tygar says requiring passwords is an industry standard. It is true that HSN requires both a user name and password when customers shop online. However, neither is required with HSN's "Shop by Remote" feature. "I would imagine they would be able to deploy a password mechanism in a matter of days. It shouldn't take that much effort," Tygar said. See the full article at 7 On Your Side.

Breaking the Botnet Code

UC Berkeley Professor Dawn Song co-presented a talk on malware and bots at the Association for Computing Machinery's Conference on Computer and Communications Security this week. Networks of compromised computers controlled by a central server, known as 'botnets', can be used to systematically spew spam, host malicious code, or flood a network to cut off its access to the Web. Researchers presented a tool at the conference that can decipher the structure and purpose of communications between a control server and its bots through automatic reverse engineering. The researchers parlayed the technique into a tool called Dispatcher that analyzes botnet network communications and can even inject new information into the communications stream. The researchers note that such automated tools are not yet needed for analyzing most malware, since more than 90 percent of all botnets use easy-to-break encryption for their communications, making manual techniques rather easy and fast. Yet botnets will continue to evolve, says Song. "Botnet programs are becoming more complicated," she says. "They are using various obfuscation techniques and so on. So maybe manual analysis can work for now, but in the future, we will need better tools." See the article in Technology Review.

UC Berkeley computer science professor and privacy expert Doug Tygar consulted about security flaws in CalJOBS website

When "CBS 5 Investigates" discovered that a state-run website may be putting hundreds of thousands of Californians at risk of identity theft, they asked UC Berkeley Computer Science professor and privacy expert Doug Tygar to take a look at a problem experienced by laid-off worker Tom Diederich. Diederich had posted his resume on CalJOBS, the state's job site, as is required for getting unemployment benefits. However, when Diederich logged back in to the site the next day, he saw someone else's information, including their name, where they live, email and phone number. The next time, he got someone else's information, and the following 5 or 6 times he logged in, he saw the same information about those other people. Professor Tygar said, "I consider that to be a serious security breach." Moreover, Tygar was able to get into the site and look at other applicants' supposedly private data. "I was able to access other people's personal information including their address, their phone numbers, email, personal details," Tygar said. Just by changing a few numbers in the URL, he was able to go in and change information on people's resumes. "I would in fact have been able to go through and change that if I were a malicious attacker," he said. The glitch that allowed Diederich to click on his bookmark and read other people's resumes appears to be fixed. EDD said its web site team is now following up on the other possible vulnerabilities identified by CBS 5 Investigates. They say that if such vulnerabilities are found, they will correct them immediately. See the full story at CBS News.

UC Berkeley Professor David Wagner contracted by the state to investigate voting logs

The state of California is conducting a months-long investigation into the audit logs inside the state's electronic voting systems after reports of serious problems with the logs, even to the point where an election official or someone else could delete votes while leaving no electronic trail of such action. According to Secretary of State Debra Bowen, the investigation is examining what the audit logs actually record and whether they can be easily altered or deleted. Bowen, appearing at an event concerning an open source voting project in development, told Threat Level that the state had contracted with David Wagner, a computer scientist at the University of California at Berkeley, to investigate what the logs on the Premier/Diebold e-voting system, as well as on every other voting system used in California, do and do not record. See the full article in THREAT LEVEL.

TRUST Executive Director at launch of UK's new cybersecurity center

The United Kingdom's lead center for cyber security research opens today at Queen's University Belfast. The £30 million Centre for Secure Information Technologies (CSIT) will become the UK's principal center for the development of technology to combat malicious cyber attacks and is one of the first Innovation and Knowledge Centres (IKCs) created in the UK. Attendance at the Centre's launch by some of the most respected national and international figures in the field of cyber-security, including Larry Rohrbough, Chief Executive of TRUST, the United States' major center in the area of cyber-security at the University of California at Berkeley, highlights the significance of the new Centre to the global communications and IT industries. Professor John McCanny, CSIT principal investigator, says "The approach adopted within CSIT contrasts with the more conventional way academic research is undertaken. Our starting points tend to be larger 'mission-driven' projects involving sizeable teams for which ambitious and challenging end goals have been identified." See the press release at EurekAlert!.

UC Berkeley Professor Ruzena Bajcsy receives Technical Leadership Award

The winner of the Anita Borg Technical Leadership Award, given to a woman who has inspired the women's technology community through outstanding technological and social contributions, is Ruzena Bajcsy, Professor of Electrical Engineering at the University of California, Berkeley, and Director Emerita of the Center for Information Technology Research in the Interest of Society (CITRIS). Dr. Bajcsy has spearheaded new research fields, guided national policy regarding social issues and led the computing community in addressing them. See the press release at MarketWatch.

Sequoia e-voting machine commandeered by clever attack

Using a method known as return-oriented programming, computer scientists have figured out how to trick a widely used electronic voting machine into altering tallies by bypassing measures that are supposed to prevent unauthorized code from running on it. The Sequoia AVC Advantage machine is programmed to execute code only when it is stored on read-only memory chips that are difficult to install and remove. By expressly forbidding the execution of code in random access memory, the intention was to make it impossible for attackers to inject malicious programs that might compromise the integrity of an election. However, a computer science research team from Princeton, UC San Diego and the University of Michigan succeeded with an attack by first reverse engineering the hardware of a legally purchased Sequoia AVC Advantage and then reverse engineering the software it ran by analyzing the ROM. The research was presented this week at the 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections. "It's excellent research," said David Wagner, a computer scientist from the University of California at Berkeley who attended the conference. "The research is significant because it illustrates that attacks get better over time and it shows just how difficult it is to protect paperless voting systems." See the article in The Register.

Creating the New Cybersecurity Pro; Interview with Cornell Computer Science Professor Fred Schneider

Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University, believes the future of the IT profession is handicapped by a shortage of academics to provide the training for needed IT security skills. In an interview with GovInfoSecurity.com, Schneider contends that to produce not only the teachers but the practitioners themselves, American universities need to create innovative graduate-level programs that provide training encompassing not only an understanding of IT security technologies but also an understanding of why the technology is needed. Schneider, also a member of the federal government's Information Security and Privacy Advisory Board and co-chair of Microsoft's Trustworthy Computing Academic Advisory Board, says "In the longer term, when you make cybersecurity technology decisions, you want to make it within the context of things like knowing its effect on privacy, knowing whether the economics of the situation support the kinds of changes you are making and understanding about business models." See the full story and interview transcript in GovInfoSecurity.com.

Academic: Wireless sensors can easily measure caloric intake

Shankar Sastry, Dean of Engineering at the University of California, Berkeley, was recently interviewed, along with Monica Levy, Senior Director of Manhattan Research, by the California Healthcare Foundation's iHealthBeat. Both Sastry and Levy discuss the current state and the promise of wireless-enabled healthcare tools. "The cell phone is perfect because it's like a wrist watch you carry around. I think the idea of having access to electronic medical records is transformational in that it changes electronic medical records to be personal health records," Sastry said. "So I think that going forward there will be a huge consumer push to be able to both record and analyze data, and the cell phones are gradually becoming not just a place for repository and also for analyzing data, but also a distributive sensor network in the sense that the cell phone can interrogate other sensors which are attached to your body." "It's reasonably easy for us to measure the [caloric] intake; the out-take has always been way, way difficult, partly because we have such different metabolic rates," Sastry said. "But I do think with the sensing, though, you do get a handle on those metabolic rates. So that I think is huge: to be able to then get a sense of how much you are burning up in addition to how much you are taking in." See more at mobilehealthnews.com.

Dr. Ruzena Bajcsy to receive HP Innovation Award

Dr. Ruzena Bajcsy, EECS Professor at the University of California, Berkeley, was among the professors selected from around the world to receive an award as part of the second annual HP Labs Innovation Research Program. The Program is designed to create opportunities for colleges, universities and research institutes to conduct breakthrough collaborative research with HP. Given the significant contributions achieved in last year's program, which include 61 published papers and 13 invention disclosures, HP extended a second year of funding to 31 professors in 2009. Awardees will work with HP Labs' researchers on fundamental research areas like intelligent infrastructure, immersive interaction and cloud computing, which includes social computing. See the complete article at TRADINGMARKETS.COM.

National cyber security: Cornell's Fred Schneider will testify before Congress

Cornell University Computer Science Professor Fred Schneider, a noted expert on cyber security, will testify at the Hearing on Cyber Security Research and Development on Wednesday, June 10, organized by the Committee on Science and Technology, U.S. House of Representatives. See the announcement in Media Newswire.

Stanford's Dawson Engler Receives 2008 Grace Hopper Award

TRUST researcher and Stanford University Professor Dawson Engler was awarded the Association for Computing Machinery Grace Murray Hopper Award for 2008. This prestigious award is given annually to the "outstanding young computer professional of the year," selected on the basis of a "single recent major technical or service contribution." Prof. Engler was cited for his groundbreaking work in developing advanced tools and techniques that automate program checking to identify software errors. His approaches based on static analysis, model checking, and symbolic execution have proven very successful at finding bugs in large and complex applications. Technical papers describing this research are available on Prof. Engler's homepage.

Personal information of thousands of UC Berkeley students, alumni hacked

Approximately a decade's worth of information on current and former UC Berkeley students was stolen by hackers, as announced by the University last Friday. The intrusions concerned records dating back to 1999 at the school's health center, which included Social Security numbers, health insurance information, immunization history and the names of treating physicians. The thefts were initially discovered about a month ago, but system administrators did not realize the scope of the attack until April 21. University Associate Vice Chancellor for Information Technology Shelton Waggener said the hackers disguised their work as routine operations and then left taunting messages for UC Berkeley employees. Waggener says that the thieves accessed the information through the University web site. Stanford University Professor of Computer Science John Mitchell said that thieves worldwide have set up black markets to sell stolen data, adding that Asia, Eastern Europe and Nigeria have particularly active hackers. Mitchell also stated that the taunting messages left by the Berkeley thieves may indicate they are amateurs. "If your intent is to steal information and sell it on the black market, you're probably not going to call attention to yourself like that," he said. "It could be that these are kids." See more in The Daily Review.

Momentum Shifts Against Google in Old Books Controversy

BNET Media relates several new developments in the class action suit between Google and some authors over who will control the publishing rights of millions of out-of-print books. One of the leading legal experts on intellectual property rights, UC Berkeley Professor Pamela Samuelson, has written a powerful argument to the presiding judge in the case, U.S. District Judge Denny Chin. Judge Chin has also announced that he is extending the deadline for those wishing to oppose the settlement by four months, from May 4 to September 4. The Justice Department is examining the antitrust implications of the arrangements made between Google and groups representing publishers and authors, under which millions more books could be included in Google Book Search unless the copyright holders take steps to opt out. A larger issue for those who were not party to the deal concerns the large number of "orphan works", those whose rights holders cannot be identified. "The proposed settlement of this lawsuit is a privately negotiated compulsory license primarily designed to monetize millions of orphan works," wrote Professor Samuelson. "[It] would give Google a monopoly on the largest digital library of books in the world. It and BRR, which will also be a monopoly, will have considerable freedom to set prices and terms and conditions for Book Search's commercial services. … Google will also be the only service lawfully able to sell orphan books and monetize them through subscriptions." See more on this story at Good Morning Silicon Valley, Los Angeles Times, and Silicon Beat.

Google Books Rival Objects to Settlement

San Francisco's digital library, the Internet Archive, opposes the current 125 million dollar Google settlement with authors and publishers that gives Google the rights to scan and sell books on the Internet. Dismay at the fate of orphan works, estimated at some 70 percent of the books being scanned, is mounting as the May 5 deadline for objections to the settlement nears. UC Berkeley School of Law professor Pamela Samuelson said the issue of orphaned works should be handled by legislators, not as a settlement in a class action. "Usually if you want a compulsory license you have to go to Congress," she said. Professor Samuelson favors a scenario in which the Internet Archive, as well as other digital libraries in addition to Google, would get a license to scan the books and make them available online. "I hadn't expected them to intervene," she said. "It's an interesting development -- it's going to be interesting to see how it turns out." See more at Law.com.

Copyright Scholar Challenges RIAA/DOJ Position

Slashdot refers to an article in New York Country Lawyer about UC Berkeley Professor Pamela Samuelson, a leading copyright law scholar, publishing a 'working paper' that argues directly against the stand taken by the US Department of Justice in RIAA cases on the constitutionality of the RIAA's statutory damages theories. The Department of Justice has argued that the Court should follow a 1919 United States Supreme Court case upholding the constitutionality of a statutory damages award that was 116 times the actual damages borne, under a statute that gave consumers a right of action against railway companies. The paper discusses, in depth, a number of issues regarding statutory damages under the Copyright Act and concludes that the State Farm/Gore due process test is applicable to statutory damage awards under the Copyright Act. This position is consistent with that taken in the amicus curiae brief filed by the Free Software Foundation in an earlier RIAA case defending the defendant's Due Process defense to the RIAA's claim for statutory damages, and it contradicts the Department of Justice briefs by arguing that the Gore due process test applies. See the complete working paper, "Statutory Damages in Copyright Law: A Remedy in Need of Reform," by Pamela Samuelson and Tara Wheatland. The DOJ's intervention last month on behalf of the RIAA was covered in the Slashdot posting "Obama DOJ Sides with RIAA."
Older News Items

These items are being moved to the TRUST Website News Blog.