TRUST Seminar Series

The Fall 2009 TRUST Seminar Series talks will be held in Soda Hall, Wozniak Lounge on the campus of the University of California, Berkeley Thursdays from 1:00 - 2:00 PM.

If you are visiting Cory Hall from off campus, please see the Visitor Information page.
To receive notification of future TRUST Seminar Series talks, please join either the trustlocal or the trustseminar workgroup.
(Most members of TRUST who are located at UC Berkeley should join the trustlocal workgroup instead of the trustseminar workgroup.)

Information on past TRUST Seminars is available here.

Spring 2009 TRUST Seminar Series


Download a pdf file with the complete schedule here.

Alexandre M. Bayen

   Mobile Millennium: using smartphones to monitor traffic in privacy aware environments
   Alexandre M. Bayen, Department of Civil and Environmental Engineering, UC Berkeley

   Thursday, September 10, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. This talk describes how the mobile internet is changing the face of traffic monitoring at a rapid pace. In the last five years, cellular phone technology has bypassed several attempts to construct dedicated infrastructure systems to monitor traffic. Today, GPS equipped smartphones are progressively morphing into a ubiquitous traffic monitoring system, with the potential to provide information almost everywhere in the transportation network. Traffic information systems of this type are one of the first instantiations of participatory sensing for large scale cyberphysical infrastructure systems. However, while mobile device technology is very promising, fundamental challenges remain to be solved to use it to its full extent, in particular in the fields of modeling and data assimilation. The talk will present a new system, called Mobile Millennium, launched recently by UC Berkeley, Nokia and Navteq, in which the driving public in Northern California can freely download software onto their GPS equipped smartphones, enabling them to view traffic in real time and become probe vehicles themselves. The smartphone data is collected in a privacy-by-design environment, using spatially aware sampling. Using data assimilation, the probe data is fused with existing sensor data to provide real time estimates of traffic. The data assimilation scheme relies on the appropriate use of Ensemble Kalman Filtering on networked hyperbolic first order partial differential equations, and the construction of lower-semicontinuous viability solutions to Moskowitz Hamilton-Jacobi equations. Results from experimental deployments in California and New York will be presented, as well as preliminary results from a pilot field operational test in California, with already more than 4,000 downloads.
Alexandre M. Bayen received the Engineering Degree in applied mathematics from the Ecole Polytechnique, France, in July 1998, the M.S. degree in aeronautics and astronautics from Stanford University in June 1999, and the Ph.D. in aeronautics and astronautics from Stanford University in December 2003. He was a Visiting Researcher at NASA Ames Research Center from 2000 to 2003. Between January 2004 and December 2004, he worked as the Research Director of the Autonomous Navigation Laboratory at the Laboratoire de Recherches Balistiques et Aerodynamiques, (Ministere de la Defense, Vernon, France), where he holds the rank of Major. He has been an Assistant Professor in the Department of Civil and Environmental Engineering at UC Berkeley since January 2005.



Radu Sion
  Clouds at the crossroads of Computing Costs, Energy and Security
   Radu Sion, Department of Computer Science, Stony Brook University.

   Thursday, September 17, 2009 at 1:00PM
   Cory Hall, 540A/B

Abstract. We aim to understand the economics of clouds and explore whether they make sense. We show the answer is mostly yes, but only for compute intensive applications with at least 1950 cycles / 32-bit input data word; peanut counting does not qualify. We then explore the dollar cost of security, in particular in untrusted outsourced and cloud computing environments. To this end we derive the composite end-to-end cost of a CPU cycle in various environments. We evaluate the cost of common cryptography and find out how many unforgeable signatures the cost of a Brooklyn latte buys. Finally we ask whether securing outsourced data and computation against curious and untrusted clouds is viable and encounter a surprise: today's answer is mostly no -- securing outsourced cycles against untrusted clouds is costlier than the gained savings. We will see in this talk why. We illustrate in a cloud computing setting, yet we secretly hope this type of reasoning will initiate a new current of practical, bottom-line aware designs of security protocols and systems in general.
Radu Sion is heading the Stony Brook Network Security and Applied Cryptography (NSAC) Lab. His research lies in the areas of Information Assurance, Applied Cryptography and Network Security. He builds systems mainly, but enjoys elegance and foundations, especially if of the very rare practical variety. Sponsors and collaborators include IBM, IBM Research, Motorola, NOKIA, Xerox, as well as the National Science Foundation. Radu is on the steering board and organizing committees of conferences such as NDSS, Oakland S&P, CCS, USENIX Security, SIGMOD, ICDE, FC a.o.



Rick Wesson
  Conficker: grass roots response to global worms
   Rick Wesson, Support Intelligence, Inc.

   Thursday, September 24, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Discussion of the global Conficker worm and botnet: how it spread and how the global community of security professionals contained the worm, who is still affected, and where the 5 million systems in the botnet are today.
Rick Wesson is the CEO of Support Intelligence, Inc. Support Intelligence is a network security company located in San Francisco, California. The company was founded in 2006 on the premise that malicious network activity can best be controlled by applying modern machine learning algorithms to large volumes of aggregated traffic data. Support Intelligence's mission is to keep networks clean, secure, and free of compromised hosts, and it does this by providing high quality, actionable information on malicious network activity. Support Intelligence targets the highly distributed nature of internet abuse in all its forms, and its monitoring and remediation solutions are built to the specific needs of organizations running mission critical, professional grade networks. Rick is also the CEO of Alice Registry, which he founded in 1999 to fund open-source software development. Rick has built the technology back-ends for many ICANN accredited registrars and has served as the Vice Chair and CTO of the ICANN Registrars Constituency and as a member of the ICANN Security and Stability Committee. Rick also served as the Vice-President of the Board of Directors for the Santa Cruz Community Credit Union, the nation's second largest Community Development credit union, where he sat on the credit and finance committees. Rick has worked on fraud detection and Internet identification for the financial services industry as well as developing many solutions for registrars implementing the Whois, RRP, EPP, and DNS protocols. He believes strongly in community development and financial literacy for both physical and Internet communities.



Nina Taft
  ANTIDOTE: Understanding and Defending against the Poisoning of Anomaly Detectors
   Nina Taft, Intel Research Berkeley

   Thursday, October 1, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. The use of machine learning techniques to improve network design has gained much popularity in the last few years. When these techniques are applied to security problems, a fundamental problem arises: they are susceptible to adversaries who poison the learning phase of such techniques. When adversaries purposefully inject erroneous data into the network during the data-collection and profile-building phase of anomaly detectors, the detectors learn the wrong model of what is "normal". Subsequently their ability to detect "abnormal" activities is compromised and attackers can circumvent the defense. In this talk, we'll discuss both poisoning techniques and defenses against poisoning, in the context of a particular anomaly detector, namely the PCA-subspace method that is used to identify anomalies in backbone networks. We first present three poisoning schemes, and show how attackers can substantially increase their chance of successfully evading detection with only moderate amounts of chaff. Moreover, such poisoning throws off the balance between false positives and false negatives. To combat these poisoning activities, we design an antidote by proposing an alternate PCA-based detector that incorporates ideas from the field of robust statistics. We'll show how our techniques significantly reduce the effectiveness of poisoning for a variety of poisoning scenarios. We also illustrate that they restore a good balance between false positives and false negatives for the vast majority of the end-to-end flows.
Nina Taft is both a manager and a senior research scientist at Intel Research Berkeley. Nina is currently managing about 1/3 of Intel's Research Lab in Berkeley. Her research is geared towards making the Internet a safer place, and thus she works on security solutions for both network infrastructure and for end-hosts (such as laptops and desktops). She is interested in improving security through the smart use of measurement and inference technologies. In addition, she has worked in the areas of end-host profiling for reliability purposes, the application of diversity paradigms to security solutions, protection against data poisoning, overlay networks, and energy-aware proxies to reduce laptop energy consumption. Prior to joining Intel, Nina worked at Sprint Labs for 5 years. There, she worked on ISP traffic engineering problems such as traffic matrix estimation, routing, backbone traffic characterization and capacity planning. Prior to Sprint, she worked at SRI International in Menlo Park, CA, and conducted research on congestion control and QoS routing. Nina received her PhD from UC Berkeley.



Arshan Poursohi and Vipul Gupta
  Sun SPOTs, Sensor.Network and the Web of Things
   Arshan Poursohi and Vipul Gupta, Sun Microsystems Laboratories

   Thursday, October 8, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. At Sun Microsystems Laboratories, our team has been working on several projects that explore wireless sensor networks, machine-to-machine communication and the web of things. Sun SPOTs are small, battery-powered, wireless computers that can be programmed in Java. Different types of sensors (e.g. GPS, temperature, humidity, proximity, light) and actuators (e.g. servos, motors) can be attached to these devices for use in a wide range of applications. The security mechanisms we've developed for Sun SPOTs marry strong, efficient cryptography with simple, user-transparent key management, since the user, not cryptography, is often the "weakest link". Sun is a founding member of the IPSO Alliance promoting the Internet Protocol as the communication standard for embedded systems and devices. Naturally, the SPOTs implement IP networking and have proven to be an interesting platform for exploring the emerging world of machine-to-machine communication. More recently, we've been developing Sensor.Network, a web-based service for sharing, visualizing and analyzing sensor data collected from a variety of sources, e.g. mobile phones, automobiles and smart buildings. Its architecture places a strong emphasis on security and privacy concerns and offers fine-grained control over how sensor data is shared. The service uses well established web principles like REST to facilitate interaction between devices just as easily as that between humans and devices. We firmly believe that the Internet, which started out as a network of just four nodes, is poised for another round of rapid expansion as it embraces a new class of devices beyond traditional servers, desktops, laptops, PDAs and smart phones.
Arshan Poursohi is a Researcher for Sun Microsystems Laboratories, working on the Sun Small Programmable Object Technology (Sun SPOT) project. His research interests include Advanced Network Applications, biologically-inspired computing, Distributed Systems, Intermittently-connected devices, Linux, Mobile Computing, Multi-user cooperative environments, Networking, Peer to peer, practical automated reasoning and Multi-Agent Systems.

Vipul Gupta is a Distinguished Engineer at Sun Microsystems Laboratories where his research interests include scalable services for the aggregation, analysis, and visualization of sensor data, and user-friendly security mechanisms for highly resource-constrained devices. His previous research activities include elliptic curve cryptography (ECC), mobile computing and parallel processing. Besides publishing over thirty technical articles in refereed journals and conferences, he has authored several internet-drafts and RFCs at the IETF, including RFC 4492 which standardizes the use of ECC in SSL/TLS. Gupta has also contributed code to major open source projects and was instrumental in bringing the ECC next-generation public-key technology to Firefox, OpenSSL, and Apache. At Sun, he has been a co-recipient of the 2008 Innovation Award, the 2004 Chairman's Award for Innovation, two Sun Labs Technology Transfer Awards and an honoree of the Computerworld Horizon Award 2006. His development of the world's smallest secure web server, Sizzle (about the size of a quarter-dollar coin), received the Mark Weiser Best Paper Award at the IEEE Pervasive Computing and Communications Conference in 2005.



Alessandro Acquisti
  Of frogs and herds: Behavioral Economics, Malleable Privacy Valuations, and Context-dependent Willingness to Divulge Personal Information
   Alessandro Acquisti, Heinz College, Carnegie Mellon University

   Thursday, October 15, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. The talk will present a number of experiments investigating privacy valuations and decision making through the lenses of behavioral economics. Contrary to the assumption in much social science that people have stable, coherent preferences with respect to personal privacy, we find that privacy valuations (measured by willingness to trade off personal information for monetary rewards) and concerns about privacy (measured by divulgence of private information) are highly sensitive to contextual factors. Results from a number of experiments will be reported, one of which was designed to measure individual willingness to pay to protect and willingness to accept to divulge personal data, while others were designed to elicit or to suppress privacy concerns. This research raises questions about whether individuals are able to navigate in a self-interested fashion increasingly complex issues of privacy.
Alessandro Acquisti is an Associate Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University, a member of Carnegie Mellon Cylab, and a fellow of the Ponemon Institute. His work investigates the economic and social impact of IT, and in particular the economics and behavioral economics of privacy and information security. His research in these areas has been disseminated through journals including Proceedings of the National Academy of Sciences, Marketing Science, Marketing Letters, IEEE Security & Privacy, Journal of Comparative Economics, Rivista di Politica Economica, and so forth; edited books ("Digital Privacy: Theory, Technologies, and Practices," Auerbach, 2007); book chapters; and leading international conferences. His findings have been featured in media outlets such as NPR Fresh Air, NBC, MSNBC.com, the Washington Post, the New York Times, the Wall Street Journal, the New Scientist, CNN, Fox News, and more.



Ari Juels
  Proofs of Retrievability: Toward RAID in the Cloud
   Ari Juels, RSA

   Thursday, October 22, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. With the rapid migration of digital resources into the cloud, users are losing many of the traditional assurances of storage reliability that come with platform ownership and control. In this talk we will discuss a concept called a Proof of Retrievability, POR, an integrity-checking protocol for cloud storage. With communication of just some tens of bytes, a POR enables a client to achieve high-assurance verification of the integrity and availability of an arbitrarily large file in the cloud. In a distributed setting, PORs enable a single entity to amalgamate a collection of low-reliability storage providers into a high-reliability storage-system abstraction, even in the face of malicious provider behavior. The result is, loosely speaking, an analog of RAID (Redundant Array of Inexpensive Disks) in the cloud. Joint work with Kevin Bowers and Alina Oprea, to appear in ACM CCS 09 and ACM CCSW 09.
Ari Juels is Chief Scientist and Director of RSA Laboratories. He received his Ph.D. in Computer Science from U.C. Berkeley in 1996. His research publications span topics including biometric security, RFID security and privacy, electronic voting, browser security, combinatorial optimization, and denial-of-service protection. Ari is also author of the cyberthriller / mystery novel Tetraktys (2009, Emerald Bay Books).



  
   NO TRUST SEMINAR DUE TO TRUST MEETING

   Thursday, October 29, 2009 at 1:00PM




Salvatore J. Stolfo
  Polymorphic Shellcode: The Demise of Signature-based Detection. Smashing the Stack with Hydra
   Salvatore J. Stolfo, Department of Computer Science, Columbia University

   Thursday, November 5, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Recent work on the analysis of polymorphic shellcode engines suggests that modern obfuscation methods would soon eliminate the usefulness of signature-based network intrusion detection methods and supports growing views that the new generation of shellcode cannot be accurately and efficiently represented by the string signatures which current IDS and AV scanners rely upon. We expand on this area of study by demonstrating several concepts in advanced shellcode polymorphism with a proof-of-concept engine which we call Hydra. Hydra distinguishes itself by integrating an array of obfuscation techniques, such as recursive NOP sleds and multi-layer ciphering into one system while offering multiple improvements upon existing strategies. In total, Hydra simultaneously attacks signature, statistical, disassembly, behavioral and emulation-based sensors, as well as frustrates offline forensics. This engine was developed to present an updated view of the frontier of modern polymorphic shellcode and provide an effective tool for evaluation of IDS systems, Cyber test ranges and other related security technologies.
Salvatore J. Stolfo received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since. He has published extensively in the areas of parallel computing, AI knowledge-based systems, data mining and most recently computer security and intrusion detection systems (see www.cs.columbia.edu/ids). Among his earliest work, Stolfo developed a large-scale expert data analysis system for the nation's phone system and he built the 1023-processor DADO parallel computer that was the first parallel machine providing large-scale commercial speech recognition services. This early work in parallel computing pioneered the Single Program Multiple Data (SPMD) model of parallel processing. His most recent research has been devoted to distributed data mining systems with applications to fraud and intrusion detection systems. His IDS lab, established in 1996 and sponsored by DARPA, pioneered the use of distributed, privacy-preserving machine learning techniques, and adaptive generation of novel sensors and anomaly detectors for a variety of tasks in computer security. His most recent research is devoted to payload anomaly detection for zero-day exploits, secure private querying and automatic bait generation to mitigate the insider threat. The Columbia IDS lab has produced over a dozen patent applications filed by Columbia University for security and privacy technologies, some of which have been licensed to commercial enterprises. Professor Stolfo serves as a consultant to DARPA and other federal agencies. Presently he is a member of the National Academy's Naval Study Board Committee on IA for Naval Centric Forces. Professor Stolfo has graduated over 25 PhD students and many dozens of Master's students.



Cormac Herley
  Everything you know about cybercrime is wrong
   Cormac Herley, Microsoft

   Thursday, November 12, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. The popular and trade presses are full of stories about the easy money in Cybercrime. We are told that phishers and ID thieves harvest money at will, and even those without skills can buy what they need and sell what they produce on underground IRC markets. Estimates of the size of this underground economy vary, but common to most accounts is that it is large and growing rapidly. Looking at the best available data we show that this is all wrong. Claims that this underground economy is worth billions are unsupported by evidence, violate basic economic principles and defy common sense. Our analysis suggests that the laws of economics have not been suspended: low-skill jobs still pay like low-skill jobs. Phishing and spam are subject to the tragedy of the commons, so returns are very low. Anonymous IRC channels are ripper-infested lemon markets with little real commerce. Widely circulated estimates of the size of the phishing and IRC markets crumble on inspection and are off by orders of magnitude. This sheds new light on our adversaries and generates some surprising conclusions. For example, banks have more to lose than gain by deploying stronger authentication technologies. Users are behaving rationally in ignoring most security advice. By repeating dubious reports of Cybercrime riches whitehats actively and energetically recruit their own opponents.
Cormac Herley is a Principal Researcher at Microsoft Research. His main current interests are data and signal analysis problems that reduce complexity and help users avoid harm. He's been at MSR since 1999, and before that was at HP where he headed the company's currency anti-counterfeiting efforts. Some of his recent published work has focused on problems of passwords and authentication, the economics of cybercrime, phishing prevention technologies and keylogger resistant access to existing web accounts. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland. He has authored more than 50 peer reviewed papers, is inventor of 70 or so US patents (issued or pending) and has shipped technologies used by millions of users.



Cynthia Sturton
  On Voting Machine Design for Verification and Testability
   Cynthia Sturton, University of California, Berkeley

   Thursday, November 19, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. We present an approach for the design and analysis of an electronic voting machine based on a novel combination of formal verification and systematic testing. The system was designed specifically to enable verification and testing. In our architecture, the voting machine is a finite-state transducer that implements the bare essentials required for an election. We formally specify how each component of the machine is intended to work and formally verify that a Verilog implementation of our design meets this specification. However, it is more challenging to verify that the composition of these components will behave as a voter would expect, because formalizing human expectations is difficult. We show how systematic testing can be used to address this issue, and in particular to verify that the machine will behave correctly on election day. This presentation is based on joint work with Susmit Jha, Sanjit A. Seshia, and David Wagner.



Miles McQueen
  0Day and Undiscovered Software Vulnerabilities
   Miles McQueen, Idaho National Lab and University of Idaho

   Thursday, December 3, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. Software vulnerabilities may be undiscovered, discovered but not publicly announced (0Day), publicly announced but not patched, or patched. Vulnerabilities which have been patched pose no risk to the system. Vulnerabilities which have been publicly announced but not patched pose a risk, but the system owners are easily aware of the vulnerability and may implement appropriate mitigations. Unfortunately, 0Day vulnerabilities represent an understudied and potentially significant threat to systems, including those responsible for operating our critical infrastructure, and undiscovered vulnerabilities are the pool from which 0Days are drawn. This presentation will discuss a method for estimating how many 0Day vulnerabilities are in existence at any given moment in time, review and comment on the literature related to whether finding (and patching?) software vulnerabilities makes systems more secure, and end by asking whether the government should fund the discovery of vulnerabilities in deployed software or would be better served by focusing those precious security resources on research into more foundational solutions such as system resilience.
Miles McQueen is a Principal Investigator in the Idaho National Laboratory's Cyber Security R&D department. Miles has held a variety of leadership roles at the Idaho National Laboratory (INL), and has also been Director of the University of Idaho's Computer Science Program at the Idaho Falls Center for Higher Education. With well over 20 peer reviewed scientific publications, Miles has recently led a research team investigating novel 0Day vulnerability estimation techniques for control systems and is currently leading the development of cyber threat modeling efforts for a variety of large critical infrastructure simulations. Before the threat modeling and 0Day research, Miles led research teams in the investigation of attack graphs and attack surfaces in collaboration with Carnegie Mellon University, Princeton University, and Kansas State University Computer Science faculty. Miles has also performed successful research work in survivable systems, including collaboration with University of Idaho Computer Science faculty in the investigation of two tiered architectures for hardening systems against attack. During the past year at the INL, Miles was nationally recognized by cyber security experts in a variety of ways, including requests to support the Associate Director for Information Assurance in the Office of the Deputy Under Secretary of Defense (Science and Technology) in development of a metrics research agenda to improve the assessment of critical system security; invitation by U.S. Senators to help prepare plans for the new administration on the future directions of cyber security research and development; and requests to support the Department of Homeland Security-Science and Technology workshops to develop research roadmaps for addressing the 'hard' problems in cyber security.



Details about how the seminar is managed can be found at How is the TRUST Seminar managed?

© 2005-2009 Trust