TRUST Seminar Series

If you are visiting Cory Hall from off campus, please see the Visitor Information page.
To receive notification of future TRUST Seminar Series talks, please join either the trustlocal or the trustseminar workgroup.
(Most members of TRUST that are located to UC Berkeley should join the trustlocal workgroup instead of the trustseminar workgroup.)

Information on past TRUST Seminars is available here.

Spring 2010 TRUST Seminar Series

   Thursday, January 14, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Rich Internet applications are becoming increasingly distributed, as demonstrated by the popularity of AJAX or Web 2.0 applications such as Facebook, Google Maps, Hotmail and many others. A typical multi-tier AJAX application consists, at the least, of a server-side component implemented in Java J2EE, PHP or ASP.NET and a client-side component running JavaScript. The resulting application is more responsive because computation has moved closer to the client, avoiding unnecessary network round trips for frequent user actions.

However, once a portion of the code has moved to the client, a malicious user can subvert the client side of the computation, jeopardizing the integrity of the server-side state. In this project we propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley replicates a copy of the client-side computation on the trusted server tier. Every client-side event is transferred to the replica of the client for execution. Ripley observes results of the computation, both as computed on the client-side and on the server side using the replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity.

We built Ripley on top of Volta, a distributing compiler that translates .NET applications into JavaScript, effectively providing a measure of security by construction for Volta applications. We have evaluated the Ripley approach on five representative AJAX applications built in Volta and also on Hotmail, a large widely-used AJAX application. Our results so far suggest that Ripley provides a promising strategy for building secure distributed web applications, which places minimal burden on the application developer at the cost of a low performance overhead.  .

Ben Livshits is a researcher at Microsoft Research in Redmond, WA. He received a B.A. from Cornell University in 1999, and his M.S. and Ph.D. from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. He is known for his work on software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. Lately he has been focused on how Web 2.0 application reliability, performance, and security can be improved through a combination of static and runtime techniques.

   Thursday, January 21, 2010 at 1:00PM
   540a/b, Cory Hall    <-- Note different location

Abstract. The cloud approach to computing, where users outsource part of their workload to a cloud provider's data center, holds the promise of efficient and reliable large-scale computation. At the same time, because it multiplies the actors involved, cloud computing introduces significant security challenges. Ideally, a mechanism that offers complete isolation between the many cloud workloads and the cloud infrastructure itself is needed. Virtualization is an approximation of such an isolation mechanism, where a hypervisor (part of the cloud infrastructure) manages the execution of virtual machines (the users' workloads). Coupled with the fact that the hypervisor can observe the execution of virtual machines (VMs) via VM introspection, virtualization enables the creation of a variety of security tools to detect or even prevent attacks against VM workloads.

In this setting, I will discuss several ongoing projects in our security group at IBM Research. I will argue that the security guarantees of VM-introspection tools are weakened when moving from standalone virtualization to virtualization in the cloud. Our solution for secure VM introspection in the cloud relies only on the integrity of the virtual hardware (and implicitly the hypervisor). Additionally I will discuss security applications built on this secure-introspection primitive, allowing the cloud provider to monitor the runtime integrity of user workloads..  .

Mihai Christodorescu researches software and system security at the IBM T.J. Watson Research Center. His current interests include behavior-based analysis and malware detection, web privacy, and cloud integrity. He received a Ph.D. in 2007 from University of Wisconsin, Madison, where he was advised by Somesh Jha. Before that, he earned a B.S. degree in Computer Science from University of California at Santa Barbara.

   Thursday, January 28, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. The paper investigates the effects of competitive cyber-insurers on network security when users are arbitrary risk-averse and network security is costly for them. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, and improving security becomes more costly for a user when his security is higher. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard (i.e., once a user is insured, his incentives to invest in security worsen). Then, if an equilibrium exists, network security always worsens relative to the no-insurance equilibrium. Though with cyber-insurers user welfare may increase (due to risk redistribution), aggregate costs of network insecurity increase as well due to higher network risks. Next, we introduce two user types (good and bad), which insurers cannot distinguish. This additional informational asymmetry causes adverse selection (i.e., bad users purchase insurance contracts designed for good users). We demonstrate that our model permits to price competitive cyber-insurance in the presence of multiple user types. In the pooling equilibrium with insurance, good users subsidize bad users, and network security worsens relative to the no-insurance equilibrium. Lastly, we consider insurers with full information about their users' security. Here, user security is perfectly enforceable (zero cost). Each insurance contract stipulates the required user security and covers the entire user damage. Still, for a significant range of parameters, network security worsens relative to the no-insurance equilibrium. Thus, in general, competitive cyber-insurers may fail to improve network security.  .

Galina Schwartz is a researcher in the Department of Electrical Engineering and Computer Science, at the University of California, Berkeley. Her focus is game theory applications to Internet commerce, specifically Internet security and service quality (network neutrality). Galina Schwartz received her Ph.D. in Economics from Princeton University. Prior to joining TRUST, she taught economics in the Department of Economics, UC-Berkeley and UC-Davis, and finance in the Department of Finance at the University of Michigan, Ann-Arbor, Ross School of Business. She collaborates with University of Michigan Center for Information Technology Integration (CITI).

   Thursday, February 4th, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure of personal information has implications on users' privacy: digital stalking and identity theft are some of the most common threats. Unfortunately, even sophisticated users who value their privacy will often compromise it to improve their presence in the virtual world. They know that loss of control over their personal information poses a long-term threat, but they cannot assess the overall and long-term risk accurately enough to compare it to the short-term gain. Even worse, setting the privacy preferences in online services is often a complicated and time consuming task that users usually skip. To address these issues, we are developing mechanisms and platforms to measure and monitor users' privacy risks and help them easily manage their information sharing. In this talk, I am going to introduce our work in this area. I am hoping that the talk could inspire discussions and new ideas that will eventually make our online environment safer and more comfortable.  .

Kun Liu, Ph.D. is a Scientist at Yahoo! Labs working on problems related to computational advertising. Before joining Yahoo, Kun was a Postdoctoral Researcher at IBM Almaden Research Center, working on privacy-preserving social-network analysis, text analytics and healthcare informatics. His contributions to these projects have won him five IBM Invention Achievement Awards, one IBM Invention Plateau Award and one IBM Bravo Award. Kun received his Ph.D. in Computer Science from University of Maryland Baltimore County in 2007. His research interests include privacy-preserving data mining, social-network analysis, text analytics, distributed data mining and statistical machine learning.

   Thursday, February 11, 2010
  

   Thursday, February 18, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Abnormal situations arise in process plants when plants deviate from normal operational modes. Such excursions could have an adverse effect on product quality, process safety, occupational health, environmental quality and process economics. The economic impact of such abnormal situations is enormous; about $30 billion/year in losses in the petrochemical industries alone in the US. The cost is much more when includes other industries such as pharmaceutical, specialty chemicals, and power industries. Furthermore, process safety, security, occupational health, and environmental hazards are ever increasing in importance in response to heightening public concern and the resultant tightening of regulations. Thus, there exists considerable incentive in developing appropriate solutions towards the management of abnormal situations in complex process plants. People in the process industries view this as the next major challenge in control systems research and application.

There are two different, but related, components of the overall abnormal events management (AEM) problem. One deals with the problem of process safety during real-time operations. The other deals with safety issues during the design and/or modifications of the plant or the processes. This is, of course, the domain of process hazards analysis (PHA). In both cases, one depends on humans to perform sophisticated cause-and-effect reasoning through hundreds of possibilities, and for real-time situations, often under enormous psychological strain. Accidents investigations have shown human errors, due to information overload, time pressure, and lack of adequate training, are often the major causes of accidents. As a result, researchers have been investigating the potential of intelligent systems for abnormal situation management and process hazards analysis. These two problem areas are now poised to play a dominant role in defining the course of process systems research and application for the coming decade. In this talk, I will present an overview of these two problem areas, the challenges we face and the encouraging emerging trends. Recent progress has promising implications on the use of intelligent systems for a variety of applications in the chemical, petrochemical, and pharmaceutical industries for inherently safer design, operator training, abnormal situation management, and optimal process operations.  .

Venkat Venkatasubramanian is a Professor of Chemical Engineering and a Professor of Industrial and Physical Pharmacy (by courtesy) at Purdue University. He received his Ph. D. in Chemical Engineering (with a Minor in Theoretical Physics) from Cornell University, M.S. in Physics from Vanderbilt University, and B. Tech. in Chemical Engineering from the University of Madras, India. Venkat worked as a Research Associate in Artificial Intelligence in the School of Computer Science at Carnegie-Mellon University and taught at Columbia University before joining Purdue in 1988. Prof. Venkatasubramanian's research contributions have been in the areas of process fault diagnosis and abnormal events management, risk identification and management in complex engineered systems, pharmaceutical engineering and informatics, product design via discovery informatics, systems biology, and complex adaptive systems using knowledge-based systems, neural networks, genetic algorithms, mathematical programming and statistical approaches. His teaching interests include process design, process control, pharmaceutical engineering, systems biology, artificial intelligence, statistical physics, and applied statistics.

Prof. Venkatasubramanian has published 170 refereed papers, and delivered 125 invited lectures and seminars, including 16 keynote/plenary lectures, at various international conferences and institutions all over the world. He has authored or co-authored three books and co-edited two. Venkat has chaired or co-chaired over thirty international meetings, conferences and sessions in the areas of artificial intelligence applications in process engineering. Thirty doctoral and nine masters students have graduated under Venkat's supervision.

Prof. Venkatasubramanian's contributions have been recognized by several awards and honors. He was the 1990 recipient of the Eminent Overseas Lectureship Award from the Institution of Engineers in Australia. He received the Norris Shreve Award for Outstanding Teaching in Chemical Engineering in 1993, 2004 and 2006, and the Teaching for Tomorrow Award in 2004, both awarded by Purdue University. He is an Associate Editor of Computers and Chemical Engineering. In 1996, Industry week magazine selected him as `one of the fifty R&D stars in the United States whose achievements are shaping the future of our industrial culture and America's technology policy'. His co-authored paper on fault diagnosis was awarded the CAST Directors' Award for the Best Poster Presentation at the 2000 AIChE Annual meeting. Venkat and his students were awarded the Best Paper Prize for 2002-05 from the Journal of Engineering Applications of Artificial Intelligence, sponsored by the International Federation of Automatic Control (IFAC), for a paper on abnormal events detection and process risk management. His co-authored paper on informatics won the 2006 Best Paper Prize from Computers and Chemical Engineering. He is a co-recipient of the Team Research Excellence Award from the College of Engineering, Purdue University, in 2007, for his contributions to the development of the discovery informatics framework for molecular products design. In 2007, Venkat was recognized for his outstanding teaching record at Purdue as the only faculty member in the College of Engineering to be elected to the Teaching Academy. In 2010, AIChE honored Venkat with the Computing in Chemical Engineering Award for his contributions in process systems engineering.

   Thursday, February 25, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. In his script for `All The President's Men', author William Goldman coined the famous adage `follow the money', giving Woodward and Bernstein crucial advice for their investigation. In the past years, the growth of the Internet has enabled a financially motivated underground marketplace that presents a case perhaps less politically motivated but surely no less thrilling, in which this classic strategy has remained almost entirely unused.

In this talk I will present a study that sheds light on one component of this market, namely spam-based advertising. The `conversion rate' of spam, the probability that an unsolicited email with ultimately elicit a `sale', underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. I will describe a methodology for using parasitic infiltration of botnets, large networks of infected computers responsible for the vast majority of spam observed today - to empirically infer the delivery and conversion rates of spam campaigns. I will present an analysis of over 400 million instrumented spam emails across two campaigns and quantify the underlying processes that modulate its profits.

The results provide insights into the entire spam conversion pipeline and illuminate some of the market pressures on the spammers and botmasters involved, and thus point out initial avenues for following the money in this poorly understood economy.  .

Christian Kreibich is a staff research scientist at the International Computer Science Institute in Berkeley. He received his Ph.D. from the University of Cambridge, UK, and a Diplom in Computer Science from the Technical University of Munich, Germany. His research focuses on topics in network architecture, distributed systems, and network security.

   Thursday, March 4, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Secure Information Flow is a fundamental problem in the security of networks and large-scale distributed systems where the basic question is: Under what constraints will a piece of information flow securely in a network in the face of adversaries propagating bogus information? Answering this question has important ramifications on how we design secure routing protocols, secure DNS, secure content rating systems, Sybil-resilient P2P systems. In this talk, I will present some of our recent results in addressing the secure information problem in trust networks where each network edge represents a strong trust relationship between the participating nodes. In the first result, I will describe a decentralized mechanism to compute the "reputation of routing protocol updates" in a trust network. In the second result, I will describe a distributed verification protocol that can drastically reduce the number of admitted Sybil identities in a decentralized trust network. In the third result, I will show how we can achieve probabilistic secure information flow in sparse trust networks (with high probability guarantees) by establishing weak trust relationships with "constrained random" friends. At the end, I will describe how we can use a combination of these three results to improve the security of many existing networks and distributed systems.  .

Lakshminarayanan Subramanian is an assistant professor in the Courant Institute of Mathematical Sciences at New York University. His research interests are in the areas of networks, distributed systems and technologies for developing regions. At NYU, he co-leads the Networks and Wide-area Systems (NeWS) research group and leads the CATER research initiative, a multi-disciplinary group focusing on appropriate technologies for development. He is a recipient of the NSF CAREER award, IBM Faculty award and C.V. Ramamoorthy award.

   Thursday, March 11, 2010 at 1:00PM
   540a/b, Cory Hall    <-- Note different location

Abstract. TBD.

TBD TBD.

   Thursday, March 18, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. TBD.  .

TDB TBD.

   Thursday, March 25, 2010
  

   Thursday, April 1, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Privacy on social networking sites [SNS] is a hot topic with much controversy - can one have any expectations of privacy when sharing personal details about one's life online? Do users understand what happens to their personal information on SNSs? Do they use privacy controls, or even know they're there? Do users understand potential risks to their information, including who can access it, and on Facebook specifically, how third party applications can access their profile data? I decided to investigate these issues by conducting a survey on Facebook.com using the site's third party application platform. At this talk, I will present my initial findings, focusing both on social networking sites generally and aspects of Facebook.com specifically.  .

Jennifer King is a PhD candidate at the School of Information, UCB. Her work focuses primarily on privacy issues on the internet as well with ubiquitous systems and sensor networks.

   Thursday, April 8, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. This work analyzes the effect of replay attacks on a control system. We assume an attacker wishes to disrupt the operation of a control system in steady state. In order to inject an exogenous control input without being detected the attacker will hijack the sensors, observe and record their readings for a certain amount of time and repeat them while carrying out his attack. This is a very common and natural attack (we have seen numerous times intruders recording and replaying security videos while performing their attack undisturbed) for an attacker who does not know the dynamics of the system but is aware of the fact that the system itself is expected to be in steady state for the duration of the attack. We assume the control system to be a discrete time linear time invariant Gaussian system applying an infinite horizon Linear Quadratic Gaussian (LQG) controller. We also assume that the system is equipped with a Chi Square failure detector. The main contributions of this work, beyond the novelty of the problem formulation, consist in 1) providing conditions on the feasibility of the replay attack on the aforementioned system and 2) proposing a countermeasure that guarantees a desired robability of detection (with a fixed false alarm rate) by trading off either detection delay or closed loop system performance.  .

Bruno Sinopoli received the Dr. Eng. degree from the University of Padova in 1998 and his M.S. and Ph.D. in Electrical Engineering from the University of California at Berkeley, in 2003 and 2005 respectively, along with the Management of Technology Certificate from the Haas Business School. After a postdoctoral position at Stanford University, Dr. Sinopoli joined the faculty at Carnegie Mellon University where he is an assistant professor in the Department of Electrical and Computer Engineering with courtesy appointments in Mechanical Engineering and in the Robotics Institute. Dr. Sinopoli was awarded the 2006 Eli Jury Award for outstanding research achievement in the areas of systems, communications, control and signal processing at U.C. Berkeley. His research interests include networked embedded control systems, distributed estimation and control with applications to wireless sensor-actuator networks and system security.

   Thursday, April 15, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Digital identity management (DIM) has emerged as a critical foundation for supporting successful interaction in today's globally interconnected society. It is crucial not only for the conduct of business and government but also for a large and growing body of electronic or online social interactions. Digital identity management is usually coupled with the notion of federation. The goal of federations is to provide users with protected environments to federate identities by the proper management of identity attributes. Federations provide a controlled method by which federation members can provide more integrated and complete services to a qualified group of individuals within certain sets of business transactions. By controlling the scope of access to participating sites, and by enabling secure, cross-domain transmission of user's personal information, federations can make the perpetration of identity frauds more difficult, as well as reduce their frequency, and their potential impact. In this talk we will first discuss basic digital identity concepts and requirements towards DIM solutions and we will overview relevant initiatives currently undergoing in academia and industry. We will then focus on the problem of identity theft and discuss an initial solution to the problem of establishing and protecting digital identity.  .

Elisa Bertino is professor of Computer Science at Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). Previously she was a faculty member at Department of Computer Science and Communication of the University of Milan where she directed the DB&SEC laboratory. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, at Telcordia Technologies.

Her main research interests include security, privacy, digital identity management systems, database systems, distributed systems, multimedia systems. In those areas, Prof. Bertino has published more than 250 papers in all major refereed journals, and in proceedings of international conferences and symposia. She is a co-author of the books "Object-Oriented Database Systems - Concepts and Architectures" 1993 (Addison-Wesley International Publ.), "Indexing Techniques for Advanced Database Systems" 1997 (Kluwer Academic Publishers), "Intelligent Database Systems" 2001 (Addison-Wesley International Publ.), and "Security for Web Services and Service Oriented Architectures" 2010 Springer. She has been a co-editor in chief of the Very Large Database Systems (VLDB) Journal from 2001 to 2007. She serves (has served) on the editorial boards of several scientific journals, including IEEE Internet Computing, IEEE Security&Privacy, ACM Transactions on Information and System Security, ACM Transactions on Web.

Elisa Bertino is a Fellow member of IEEE and a Fellow member of ACM. She received the 2002 IEEE Computer Society Technical Achievement Award for "For outstanding contributions to database systems and database security and advanced data management systems" and the 2005 IEEE Computer Society Tsutomu Kanai Award "For pioneering and innovative research contributions to secure distributed systems".

   Thursday, April 22, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. TBD.  .

TDB TBD.

   Thursday, April 29, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. TBD.  .

TDB TBD.

   Thursday, May 6, 2010 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. The browser has become a popular attack vector for implanting code on computer operating systems. Equally critical, important sessions, such as online banking and other sensitive online activities, must be protected from cross-site attacks from other concurrent sessions. In this presentation, we describe an approach using lightweight virtualization to create a safe browsing environment, called SafeFox,to protect both the host and important browsing sessions from malicious Web content. With SafeFox,the browser runs in its own virtual environment (VE) in its own process namespace, file system, and IP address; furthermore, when browsing to a secure bookmarked site SafeFox automatically creates a new isolated lightweight virtual environment (VE) for the secure bookmarked site. While the native platform of SafeFox is Linux, we have created a SafeFox virtual appliance to run on multiple platforms, including Windows. An implementation is currently being commercialized.  .

Anup Gosh is Research Professor and Chief Scientist in the Center for Secure Information Systems (CSIS) at George Mason University. Dr. Ghosh was previously Senior Scientist and Program Manager in the Advanced Technology Office of the Defense Advanced Research Projects Agency (DARPA) where he managed an extensive portfolio of information assurance and information operations programs. Ghosh is also founder of Secure Command, a software security company that commercializes next generation security research. Ghosh's research focuses combating malicious software within the enterprise. He has developed novel approaches for securing desktops using virtualization. He is also developing techniques for detecting malicious code within enterprise networks by classifying network traffic flows.

Ghosh previously served in executive management as Vice President of Research at Cigital, Inc. He has served as principal investigator on contracts from DARPA, NSA, and NIST's Advanced Technology Program and has written more than 40 peer-reviewed conference and journal articles. Ghosh is also author of three books on computer network defense. Ghosh serves on the editorial board of IEEE Security and Privacy Magazine and has been guest editor for IEEE Software and IEEE Journal on Selected Areas in Communications. Ghosh is currently a member of the Committee on Information Assurance for Network-Centric Naval Forces for the Naval Studies Board, National Research Council. Ghosh is a Senior Member of the IEEE. For his contributions to DoD's information assurance, Dr. Ghosh was awarded the Frank B. Rowlett Trophy for Individual Contributions by the National Security Agency in November 2005, a Federal government wide award. He was also awarded the Office of the Secretary of Defense Medal for Exceptional Public Service for his contributions while at DARPA. In 2005, Worcester Polytechnic Institute awarded Dr. Ghosh its Hobart Newell Award for Outstanding Contributions to the Electrical and Computer Engineering Profession. Ghosh has previously been awarded the IEEE's Millenium Medal for Outstanding Contributions to E-Commerce Security. Ghosh completed is Ph.D. and Master of Science in Electrical Engineering from the University of Virginia and his Bachelor of Science in Electrical Engineering from Worcester Polytechnic Institute.

Details about how the seminar is managed can be found at How is the TRUST Seminar managed?