TRUST Seminar Series
The Fall 2009 TRUST Seminar Series talks will be held in Soda Hall, Wozniak Lounge on the campus of the
University of California, Berkeley Thursdays from 1:00 - 2:00 PM.
If you are visiting Cory Hall from off campus, please see
the Visitor Information page.
To receive notification of future TRUST Seminar Series talks, please join either the
trustlocal or
the trustseminar workgroup.
(Most members of TRUST that are located to UC Berkeley
should join the trustlocal workgroup
instead of the trustseminar workgroup.)
Information on past TRUST Seminars is available here.
Spring 2009 TRUST Seminar Series
Download a pdf file with the complete schedule here.
Mobile Millennium: using smartphones to monitor traffic in privacy aware environments
Alexandre M. Bayen, Department of Civil and Environmental Engineering, UC Berkeley
Thursday, September 10, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. This talk describes how the mobile internet is changing the face of traffic monitoring at a rapid pace. In the last five years, cellular phone technology has bypassed several attempts to construct dedicated infrastructure systems to monitor traffic. Today, GPS equipped smartphones are progressively morphing into an ubiquitous traffic monitoring system, with the potential to provide information almost everywhere in the transportation network. Traffic information systems of this type are one of the first instantiations of participatory sensing for large scale cyberphysical infrastructure systems.
However, while mobile device technology is very promising, fundamental challenges remain to be solved to use it to its full extent, in particular in the fields of modeling and data assimilation. The talk will present a new system, called Mobile Millennium, launched recently by UC Berkeley, Nokia and Navteq, in which the driving public in Northern California can freely download software into their GPS equiped smartphones, enabling them to view traffic in real time and become probe vehicles themselves.
The smartphone data is collected in a privacy-by-design environment, using spatially aware sampling. Using data assimilation, the probe data is fused with existing sensor data, to provide real time estimates of traffic. The data assimilation scheme relies on the appropriate use of Ensemble Kalman Filtering on networked hyperbolic first order partial differential equations, and the construction of lower-semicontinuous viability solutions to Moskowitz Hamilton-Jacobi equations.
Results from experimental deployments in California and New York will be presented, as well as preliminary results from a pilot field operational test in California, with already more than 4,000 downloads.
.
Alexandre M. Bayen received the Engineering Degree in applied mathematics from the Ecole Polytechnique, France, in July 1998, the M.S. degree in aeronautics and astronautics from Stanford University in June 1999, and the Ph.D. in aeronautics and astronautics from Stanford University in December 2003. He was a Visiting Researcher at NASA Ames Research Center from 2000 to 2003. Between January 2004 and December 2004, he worked as the Research Director of the Autonomous Navigation Laboratory at the Laboratoire de Recherches Balistiques et Aerodynamiques, (Ministere de la Defense, Vernon, France), where he holds the rank of Major. He has been an Assistant Professor in the Department of Civil and Environmental Engineering at UC Berkeley since January 2005.
Clouds at the crossroads of Computing Costs, Energy and Security
Radu Sion, Department of Computer Science, Stony Brook University.
Thursday, September 17, 2009 at 1:00PM
< Cory Hall, 540A/B
Abstract. We aim to understand the economics of clouds and explore whether they make
sense. We show the answer is mostly yes, but only for compute intensive
applications with at least 1950 cycles / 32-bit input data word peanut
counting does not qualify.
We then explore the dollar cost of security, in particular in untrusted
outsourced and cloud computing environments. To this end we derive the
composite end-to-end cost of a CPU cycle in various environments. We
evaluate the cost of common cryptography and find out how many unforgeable
signatures the cost of a Brooklyn latte buys. Finally we ask whether
securing outsourced data and computation against curious and untrusted
clouds is viable and encounter a surprise: today& #39;s answer is mostly no --
securing outsourced cycles against untrusted clouds is costlier than the
gained savings. We will see in this talk why.
We illustrate in a cloud computing setting, yet we secretly hope this type
of reasoning will initiate a new current of practical, bottom-line aware
designs of security protocols and systems in general.
Radu Sion Radu is heading the Stony Brook Network Security and Applied Cryptography
(NSAC) Lab. His research lies in the areas of Information Assurance,
Applied Cryptography and Network Security. He builds systems mainly, but
enjoys ellegance and foundations, especially if of the very rare practical
variety. Sponsors and collaborators include IBM, IBM Research, Motorola,
NOKIA, Xerox, as well as the National Science Foundation. Radu is on the
steering board and organizing committees of conferences such as NDSS,
Oakland S&P, CCS, USENIX Security, SIGMOD, ICDE, FC a.o.
Conficker: grass roots response to global worms
Rick Wesson, Support Intelligence, Inc.
Thursday, September 24, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. Discussion of the global conficker worm and botnet. How it spread and
the global community of security professionals contained the worm. Who is still
effected and where are the 5 million systems in the botnet today.
Rick Wesson is the CEO, Support Intelligence, Inc.
Support Intelligence is a network security company located in San Francisco,
California. The company was founded in 2006 on the premise that malicious
network activity can best be controlled by applying modern machine learning
algorithms to large volumes of aggregated traffic data. Support Intelligence
mission is to keep networks clean, secure, and free of compromised hosts and it
does this by providing high quality, actionable information on malicious network
activity. Support Intelligence targets the highly distributed nature of internet
abuse in all its forms and monitoring and remediation solutions are built to the
specific needs of organizations running mission critical, professional grade
networks.
Rick is also the CEO of Alice Registry which he founded in 1999 to fund
open-source software development. Rick has built the technology back-ends for
many ICANN accredited registrars and has served as the Vice Chair and CTO of
ICANN Registrars Constituency and as a member of ICANN Security and
Stability Committee. Rick also served as the Vice-President of the Board of
Directors for the Santa Cruz Community Credit Union, the nation second largest
Community Development credit union where he sat on the credit and finance
committees. Rick has worked on fraud detection and Internet identification for
the financial services industry as well as developing many solutions for
registrars implementing the Whois, RRP, EPP, and DNS protocols. He believes
strongly in community development and financial literacy for both physical and
Internet communities.
ANTIDOTE: Understanding and Defending against the Poisoning of Anomaly Detectors
Nina Taft, Intel Research Berkeley
Thursday, October 1, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. The use of machine learning techniques to improve network design has
gained much popularity in the last few years. When these techniques
are applied to security problems, a fundamental problem arises; they
are susceptible to adversaries who poison the learning phase of such
techniques. When adversaries purposefully inject erroneous data into
the network during the data-collection and profile-building phase of
anomaly detectors, then the detectors learn the wrong model of what is
"normal". Subsequently their ability to detect "abnormal" activities
is compromised and attackers can circumvent the defense. In this talk,
we'll discuss both poisoning techniques and defenses against
poisoning, in the context of a particular anomaly detector - namely
the PCA-subspace method that is used to identify anomalies in backbone
networks. We first present three poisoning schemes, and show how
attackers can substantially increase their chance of successfully
evading detection with only moderate amounts of chaff. Moreover such
poisoning throws off the balance between false positives and false
negatives. To combat these poisoning activities, we design an antidote
by proposing an alternate
PCA-based detector that incorporates ideas from the field of robust
statistics. We'll show how our techniques significantly reduce the
effectiveness of poisoning for a variety of poisoning scenarios. We
also illustrate that they restore a good balance between false
positives and false negatives for the vast majority of the end-to-end
flows.
Nina Taft is a both a manager and a senior research scientist at Intel Research Berkeley.
Nina is currently managing about 1/3 of Intel's Research Lab in Berkeley. Her research is geared towards
making the Internet a safer place, and thus she works on security solutions for both network infrastructure
and for end-hosts (such as laptops and desktops). She is interested in improving security through the smart
use of measurement and inference technologies. In addition, she has worked in the areas of end-host profiling
for reliability purposes, the application of diversity paradigms to security solutions, protection against
data poisoning, overlay networks, and energy-aware proxies to reduce laptop energy consumption. Prior to
joining Intel, Nina worked at Sprint Labs for 5 years. There, she worked on ISP traffic engineering problems
such as traffic matrix estimation, routing, backbone traffic characterization and capacity planning. Prior
to Sprint, she worked at SRI International in Menlo Park, CA, and conducted research on congestion control
and QoS routing. Nina received her PhD from UC Berkeley.
Sun SPOTs, Sensor.Network and the Web of Things
Arshan Poursohi and Vipul Gupta Sun Microsystems Laboratories
Thursday, October 8, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. At Sun Microsystems Laboratories, our team has been working on several projects that explore wireless sensor networks,
machine-to-machine communication and the web of things. Sun SPOTs are small, battery-powered, wireless computers that can be programmed in Java.
Different types of sensors (e.g. GPS, temperature, humidity, proximity, light) and actuators (e.g. servos, motors) can be attached to these
devices for use in a wide range of applications. The security mechanisms we've developed for Sun SPOTs marry strong, efficient cryptography
with simple, user-transparent key management since the user, not cryptography, is often the "weakest link". Sun is a founding member of the
IPSO Alliance promoting the Internet Protocol as the communication standard for embedded systems and devices. Naturally, the SPOTs implement
IP networking and have proven to be an interesting platform for exploring the emerging world of machine-to-machine communication.
More recently, we've been developing Sensor.Network, a web-based service for sharing, visualizing and analyzing sensor data collected
from a variety of sources, e.g. mobile phones, automobiles and smart buildings. Its architecture places a strong emphasis on security
and privacy concerns and offers fine-grained control over how sensor data is shared. The service uses well established web principles
like REST to facilitate interaction between devices just as easily as that between humans and devices. We firmly believe that the Internet,
which started out as network of just four nodes, is poised for another round of rapid expansion as it embraces a new class of devices beyond
traditional servers, desktops, laptops, PDAs and smart phones.
Arshan Poursohi Arshan Poursohi is a Researcher for Sun Microsystems Laboratories, working on the Sun Small Programmable
Object Technology (Sun SPOT) project.
His research interests include Advanced Network Applications, biologically-inspired computing, Distributed Systems,
Intermittently-connected devices, Linux, Mobile Computing, Multi-user cooperative environments, Networking, Peer to peer,
practical automated reasoning and Multi-Agent Systems.
Vipul Gupta is a Distinguished Engineer at Sun Microsystems Laboratories where his research interests include scalable services
for the aggregation, analysis, and visualization of sensor data, and user-friendly security mechanisms for highly resource-constrained
devices. His previous research activities include elliptic curve cryptogrpahy (ECC), mobile computing and parallel processing. Besides
publishing over thirty technical articles in refereed journals and conferences, he has authored several internet-drafts and RFCs at the
IETF including RFC 4492 which standardizes the use of ECC in SSL/TLS. Gupta has also contributed code to major open source projects and
was instrumental in bringing the ECC next-generation public-key technology to Firefox, OpenSSL, and Apache. At Sun, he has been a
co-recipient of the 2008 Innovation Award, the 2004 Chairman's Award for Innovation, two Sun Labs Technology Transfer Awards and an
honoree of the Computerworld Horizon Award 2006. His development of the world's smallest secure web server, Sizzle (about the size of
a quarter-dollar coin) received the Mark Weiser Best Paper Award at the IEEE Pervasive Computing and Communications Conference in 2005.
Of frogs and herds: Behavioral Economics, Malleable Privacy Valuations, and
Context-dependent Willingness to Divulge Personal Information
Alessandro Acquisti, Heinz College, Carnegie Mellon University
Thursday, October 15, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. The talk will present a number of experiments investigating privacy valuations and
decision making through the lenses of behavioral economics. Contrary to the
assumption in much social science that people have stable, coherent
preferences with respect to personal privacy, we find that privacy
valuations measured by willingness to trade-off personal information for
monetary rewards and concerns about privacy measured by divulgence of
private information are highly sensitive to contextual factors.
Results from a number of experiments will be reported, one of which was designed to measure
individual willingness to pay to protect and willingness to accept to
divulge personal data; while others were designed to elicit or to suppress
privacy concerns. This research raises questions about whether individuals
are able to navigate in a self-interested fashion increasingly complex
issues of privacy.
Alessandro Acquisti is an Associate Professor of Information Technology and
Public Policy at the Heinz College, Carnegie Mellon University, a member of
Carnegie Mellon Cylab, and a fellow of the Ponemon Institute. His work
investigates the economic and social impact of IT, and in particular the
economics and behavioral economics of privacy and information security. His
research in these areas has been disseminated through journals including
Proceedings of the National Academy of Science, Marketing Science, Marketing
Letters, IEEE Security & Privacy, Journal of Comparative Economics, Rivista
di Politica Economica, and so forth edited books "Digital Privacy:
Theory, Technologies, and Practices. Auerbach, 2007; book chapters; and
leading international conference. His findings have been featured in media
outlets such as NPR Fresh Air, NBC, MSNBC.com, the Washington Post, the New
York Times, the Wall Street Journal, the New Scientist, CNN, Fox News, and
more.
Proofs of Retrievability: Toward RAID in the Cloud
Ari Juels, RSA
Thursday, October 22, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. With the rapid migration of digital resources into the cloud,
users are losing many of the traditional assurances of storage
reliability that come with platform ownership and control.
In this talk we will discuss a concept called a Proof of Retrievability, POR,
an integrity-checking protocol for cloud storage. With
communication of just some tens of bytes, a POR enables a client to
achieve high-assurance verification of the integrity and availability of
an arbitrarily large file in the cloud. In a distributed setting, PORs
enable a single entity to amalgamate a collection of low-reliability
storage providers into a high-reliability storage-system abstraction,
even in the face of malicious provider behavior. The result is, loosely
speaking, an analog of RAID (Redundant Array of Inexpensive Disks) in
the cloud.
Joint work with Kevin Bowers and Alina Oprea, to appear in ACM CCS 09
and ACM CCSW 09.
Ari Juels is Chief Scientist and Director of RSA Laboratories. He
received his Ph.D. in Computer Science from U.C. Berkeley in 1996. His
research publications span topics including biometric security, RFID
security and privacy, electronic voting, browser security, combinatorial
optimization, and denial-of-service protection.
Ari is also author of the cyberthriller / mystery novel Tetraktys 2009,
Emerald Bay Books.
NO TRUST SEMINAR DUE TO TRUST MEETING
Thursday, October 29, 2009 at 1:00PM
Polymorphic Shellcode:The Demise of Signature-based Detection. Smashing the Stack with Hydra
Salvatore J. Stolfo, Department of Computer Science, Columbia University
Thursday, November 5, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. Recent work on the analysis of polymorphic shellcode engines suggests that modern
obfuscation methods would soon eliminate the usefulness of signature-based network
intrusion detection methods and supports growing views that the new generation of
shellcode cannot be accurately and efficiently represented by the string signatures
which current IDS and AV scanners rely upon. We expand on this area of study by
demonstrating several concepts in advanced shellcode polymorphism with a
proof-of-concept engine which we call Hydra. Hydra distinguishes itself by integrating
an array of obfuscation techniques, such as recursive NOP sleds and multi-layer
ciphering into one system while offering multiple improvements upon existing
strategies. In total, Hydra simultaneously attacks signature, statistical,
disassembly, behavioral and emulation-based sensors, as well as frustrates
offline forensics. This engine was developed to present an updated view of the
frontier of modern polymorphic shellcode and provide an effective tool for
evaluation of IDS systems, Cyber test ranges and other related security technologies.
Salvatore J. Stolfo received his Ph.D. from NYU Courant Institute in 1979 and
has been on the faculty of Columbia ever since. He has published extensively
in the areas of parallel computing, AI knowledge-based systems, data mining
and most recently computer security and intrusion detection systems
see www.cs.columbia.edu/ids. Among his earliest work, Stolfo developed a
large-scale expert data analysis system for the nation?s phone system and
he built the 1023-processor DADO parallel computer that was the first parallel
machine providing large-scale commercial speech recognition services. This early
work in parallel computing pioneered the Single Program Multiple Data SPMD model
of parallel processing. His most recent research has been devoted to distributed
data mining systems with applications to fraud and intrusion detection systems.
His IDS lab, established in 1996 and sponsored by DARPA, pioneered the use of
distributed, privacy-preserving machine learning techniques, and adaptive
generation of novel sensors and anomaly detectors for a variety of tasks in
computer security. His most recent research is devoted to payload anomaly
detection for zero-day exploits, secure private querying and automatic bait
generation to mitigate the insider threat. The Columbia IDS lab has produced
over a dozen patent applications filed by Columbia University for security
and privacy technologies some of which have been licensed to commercial enterprises.
Professor Stolfo serves as a consultant to DARPA and other
federal agencies. Presently he is a member of the National Academy?s
Naval Study Board Committee on IA for Naval Centric Forces. Professor Stolfo
has graduated over 25 PhD students and many dozens of Master's students.
Everything you know about cybercrime is wrong
Cormac Herley, Microsoft
Thursday, November 12, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. The popular and trade presses are full of stories about the easy money in Cybercrime. We are told that phishers and ID thieves harvest
money at will, and even those without skills can buy what they need and sell what they produce on underground IRC markets. Estimates of the size of this
underground economy vary, but common to most accounts is that it is large and growing rapidly.
Looking at the best available data we show that this is all wrong. Claims that this underground economy is worth billions are unsupported by evidence,
violate basic economic principles and defy common sense. Our analysis suggests that the laws of economics have not been suspended: low-skill jobs still
pay like low-skill jobs. Phishing and spam are subject to the tragedy of the commons, so returns are very low. Anonymous IRC channels are ripper-infested
lemon markets with little real commerce. Widely circulated estimates of the size of the phishing and IRC markets crumble on inspection and are off by
orders of magnitude. This sheds new light on our adversaries and generates some surprising conclusions. For example, banks have more to lose than gain by
deploying stronger authentication technologies. Users are behaving rationally in ignoring most security advice. By repeating dubious reports of
Cybercrime riches whitehats actively and energetically recruit their own opponents.
Cormac Herley is a Principal Researcher at Microsoft Research. His main current interests are data and signal analysis problems that reduce
complexity and help users avoid harm. He's been at MSR since 1999, and before that was at HP where he headed the company's currency anti-counterfeiting
efforts. Some of his recent published work has focused on problems of passwords and authentication, the economics of cybercrime, phishing prevention
technologies and keylogger resistant access to existing web accounts.
He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland. He has
authored more than 50 peer reviewed papers, is inventor of 70 or so US patents (issued or pending) and has shipped technologies used by millions of
users.
On Voting Machine Design for Verification and Testability
Cynthia Sturton University of California, Berkeley
Thursday, November 19, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract.
We present an approach for the design and analysis of an electronic
voting machine based on a novel combination of formal verification
and systematic testing. The system was designed specifically
to enable verification and testing. In our architecture, the voting
machine is a finite-state transducer that implements the bare essentials
required for an election. We formally specify how each
component of the machine is intended to work and formally verify
that a Verilog implementation of our design meets this specification.
However, it is more challenging to verify that the composition
of these components will behave as a voter would expect, because
formalizing human expectations is difficult. We show how systematic
testing can be used to address this issue, and in particular to
verify that the machine will behave correctly on election day.
This presentation is based on joint work with Susmit Jha, Sanjit A. Seshia, and David Wagner
0Day and Undiscovered Software Vulnerabilities
Miles McQueen, Idaho National Lab and University of Idaho
Thursday, December 3, 2009 at 1:00PM
Soda Hall, Wozniak Lounge
Abstract. Software vulnerabilities may be undiscovered, discovered but not publicly announced (0Day), publicly announced but not patched, or patched. Vulnerabilities which have been patched pose no risk to the system. Vulnerabilities which have been publicly announced but not patched pose a risk, but the system owners are easily aware of the vulnerability and may implement appropriate mitigations. Unfortunately, 0Day vulnerabilities represent an understudied and potentially significant threat to systems, including those responsible for operating our critical infrastructure, and undiscovered vulnerabilities are the pool from which 0Days are drawn.
This presentation will discuss a method for estimating how many 0Day vulnerabilities are in existence at any given moment in time, review and comment on the literature related to whether finding (and patching?) software vulnerabilities makes systems more secure, and ends by asking whether the government should fund the discovery of vulnerabilities in deployed software or would be better served by focusing those precious security resources on research into more foundational solutions such as system resilience.
Miles McQueen is a Principal Investigator in the Idaho National laboratory's Cyber Security R&D department. Miles has held a variety of leadership roles at the Idaho National laboratory (INL), and has also been Director of the University of Idaho's Computer Science Program at the Idaho Falls Center for Higher Education. With well over 20 peer reviewed scientific publications, Miles has recently led a research team investigating novel 0Day vulnerability estimation techniques for control systems and is currently leading the development of cyber threat modeling efforts for a variety of large critical infrastructure simulations. Before the threat modeling and 0Day research, Miles led research teams in the investigation of attack graphs and attack surfaces in collaboration with Carnegie Mellon University, Princeton University, and Kansas State University Computer Science faculty. Miles has also performed successful research work in survivable systems including collaboration with University of Idaho Computer Science faculty in the investigation of two tiered architectures for hardening systems against attack.
During the past year at the INL, Miles was nationally recognized by cyber security experts in a variety of ways including requests to support the Associate Director for Information Assurance in the Office of the Deputy Under Secretary of Defense (Science and Technology) in development of a metrics research agenda to improve the assessment of critical system security; invitation by U.S. Senators to help prepare plans for the new administration on the future directions of cyber security research and development; and requests to support the Department of Homeland Security-Science and Technology workshops to develop research roadmaps for addressing the 'hard' problems in cyber security.
Details about how the seminar is managed can be found at
How is the TRUST Seminar managed?
|