TRUST Seminar Series

If you are visiting Cory Hall from off campus, please see the Visitor Information page.
To receive notification of future TRUST Seminar Series talks, please join either the trustlocal or the trustseminar workgroup.
(Most members of TRUST that are located to UC Berkeley should join the trustlocal workgroup instead of the trustseminar workgroup.)

Information on past TRUST Seminars is available here.

Spring 2009 TRUST Seminar Series

Download a pdf file with the complete schedule here.

   Thursday, February 5, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract.  The role and penetration of computing systems and networks in societal infrastructure continues to grow, and their importance to our safety and security has never been greater. As society uses computers, systems, and networks in increasingly important ways, the underlying technology provided often does not meet the desired level of trust and many critical infrastructure systems remain untrustworthy. To address these problems, the U.S. National Science Foundation established the Team for Research in Ubiquitous Secure Technology (TRUST). TRUST is a multi-disciplinary, multi-university research center focused on advancing the scientific foundations of cyber security and improved critical infrastructure systems by addressing the policy, legal, social, and economic implications of technology-based solutions. This talk discusses how and why TRUST was established, describes the center's organization and unique government/academia/industry operational model, presents examples of the challenges being addressed by the center, and highlights a few success stories from the center's research, education, outreach, and knowledge transfer activities.

Larry Rohrbough is Executive Director of the TRUST Science & Technology Center at the University of California, Berkeley. Larry has over 15 years of experience in software engineering, technology consulting, program management, and public/private research and development initiatives. He has domain expertise in the areas of embedded systems, wireless sensor networks, complex, software-intensive systems, and large-scale operations support systems (OSSs). Larry holds a B.S. in Systems Analysis from Miami University and an M.S. in Software Systems Engineering from George Mason University.

   Thursday, February 12, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract. We argue that the CAPTCHA may be near the end of its useful life, and propose an alternative throttling mechanism to control access to web resources. We analyze our proposed solution against a collection of realistic adversaries and conclude that it is a viable approach. As a result of potential independent value, we describe heuristic tools to identify cookie theft, machine cloning attacks, and DNS poisoning attacks.

Markus Jakobsson is a Principal Scientist at PARC, and a member of the PARC security group. While he is maybe best known for his research on phishing and crimeware, he has also made significant contributions to online payment schemes, applied security, security education, and privacy-preserving cryptographic protocols. Markus believes in taking a holistic approach to security, in which everything is measured, modeled and considered in the final design. This belief has compelled him to study the human aspect of security, and has guided his work on phishing, crimeware, user authentication, and user messaging. Before joining PARC, Markus held positions at Bell Labs, RSA Labs, New York University, Indiana University, and RavenWhite, the anti-fraud startup that he co-founded. He holds over 100 patents and has published two books and over a hundred papers. He has a PhD in Computer Science from University of California at San Diego, a Masters degree in engineering from Lund Institute of Technology, and a Scottish Terrier named Zero.

   Thursday, February 19, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract.   We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

David Molnar is a PhD candidate at the University of California, Berkeley. He is advised by David Wagner and works on computer security, applied cryptography, and electronic privacy. His other work focuses on techniques for finding bugs in software at scale using cloud computing, see http://www.metafuzz.com . David received a bachelor's degree from Harvard and a master's from Berkeley in 2003 and 2006 respectively. David is a past National Science Foundation Graduate Fellow and Intel OCR Fellow. This talk describes joint work with Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, Dag Arne Osvik, and Benne de Weger.

   Thursday, February 26, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract.   From its inception in 2004, the DETER testbed facility has provided effective, dedicated experimental resources and expertise to a broad range of academic, industrial and government researchers. Now, building on knowledge gained, the DETER developers and community are moving beyond the classic 'testbed' model and towards the creation and deployment of fundamentally transformational cybersecurity research methodologies. This talk discusses underlying rationale, together with initial design and implementation, of key technical concepts that drive these transformations.

Terry V. Benzel is Deputy Director for the Computer Networks Division at the Information Sciences Institute (ISI) of the University of Southern California (USC). She participates in business development, technology transfer and special projects with industrial and academic partners. She is the technical project lead for the Cyber Defense Technology Experimental Research (DETER) testbed jointly funded by NSF and DHS. The project is developing an experimental infrastructure network and scientifically rigorous testing frameworks and methodologies to support the development and demonstration of next-generation information security technologies for cyber defense. Ms. Benzel has a joint appointment at the Marshall School of Business where she is a researcher at the Institute for Critical Information Infrastructure Protection. She is responsible for helping to develop Systemic Security Management as an open source body of work and developing public/private partnerships in information security research. Prior to joining USC ISI, Ms. Benzel was a Division Vice President at Network Associates, Inc. where she was responsible for all aspects of the 125-staff advanced research organization performing government funded R&D for DARPA and other agencies. Ms. Benzel has served as an advisor to government and industry on R&D strategy and roadmap development, providing guidance to White House Office of Science Technology and Policy, Critical Infrastructure Assurance Office, Department Of Defense and industry alliances. She testified before House Committee on Science, `Cyber Security, How Can We Protect American Computer Networks from Attack: The Importance of Research and Development'.

   Wednesday, March 4 , 2009 at 3:00PM
   290, Hearst Memorial Mining Building

Abstract.   Through requiring surveillance capabilities be built into Internet voice communications systems and expanding warrantless wiretapping to any communications where one end was reasonably believed to be located outside the U.S., the U.S. government is slowly but steadily extending wiretapping capabilities to the Internet. This effort is in the name of national security. But building architected security breaches into a communications network carries real risks. In a world that has both al-Qaeda and Hurricane Katrina, does this increased wiretapping capability make us safer? We will examine what real security needs are in a post 9/11 world.

Susan Landau is a Distinguished Engineer at Sun Microsystems , where she concentrates on the interplay between security and public policy. Before joining Sun, Landau was a faculty member at the University of Massachusetts and Wesleyan University. She and Whitfield Diffie have written Privacy on the Line: The Politics of Wiretapping and Encryption. She served for six years on the National Institute of Standards and Technology's Information Security and Privacy Advisory Board. Currently she is an associate editor for IEEE Security and Privacy and a section board member of Communications of the ACM. She maintains researcHers, a mailing list for women computer science researchers and the Booklist, a list of computer science books by women computer scientists. Landau is the recipient of the 2008 Women of Vision Social Impact Award, a Fellow of the American Association for the Advancement of Science and an ACM Distinguished Engineer.

   Thursday, March 5, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract.   Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. Native Client uses software fault isolation and a specialized runtime to direct all system interaction and side effects through managed interfaces. It supports performance-oriented features generally absent from web application programming environments, such as thread support, instruction set extensions such as SSE, and use of compiler intrinsics and hand-coded assembler. We combine these properties in an open architecture designed to leverage existing web standards, and to encourage community review and 3rd-party tools.This technical talk will cover system design and implementation, and some of our experiences securing and using the system.
In December 2008 we open-sourced this system. For more information and resources see http://code.google.com/p/nativeclient

J. Bradley Chen manages the Native Client project at Google, where he has also worked on cluster performance analysis projects. Prior to joining Google, he was Director of the Performance Tools Lab in Intel's Software Products Division. Chen served on the faculty of Harvard University from 1994-1998, conducting research in operating systems, computer architecture and distributed system, and teaching a variety of related graduate and undergraduate courses. He has published widely on the subjects of systems performance and computer architecture. Dr. Chen has bachelors and masters degrees from Stanford University and a Ph.D. from Carnegie Mellon University.

   John Chuang, School of Information, Univeristy of California at Berkeley

   Thursday, March 12, 2009 at 1:00PM
   Soda Hall, Wozniak Lounge

Abstract.   Are we investing too little in information security? Are we investing too much? Since Anderson and Varian asked this pair of questions in 2002, much progress has been made in understanding rational decision-making in information security. In this talk, I will discuss the challenges of applying risk management to security, highlight the public goods nature of interdependent security, explore the tradeoffs between protection and insurance, and motivate a new "weakest target" game to investigate incentive dynamics of botnets and other classes of attacks.

John Chuang is Associate Professor of Information Management and Systems at the University of California, Berkeley. He received a B.S. and M.S. in Electrical Engineering from the University at Southern California and Stanford University respectively, and a Ph.D. in Engineering and Public Policy from Carnegie Mellon University. His research focus is on economics-informed design of computer networks and distributed systems, including incentive mechanisms for peer-to-peer networks and next-generation internet architecture design.

   Thursday, March 19, 2009 at 1:00PM
   Wozniak Lounge, Soda Hall

Abstract.   Most of the attacks and fraudulent activities on the Internet are carried by malware. In particular, botnets have become the primary "platforms" for attacks on the Internet. A botnet is a network of compromised computers (or, bots) that are under the control of an attacker (or, botmaster). A botnet typically has tens to hundreds of thousands of bots, but some had several millions of bots. Botnets are now used for distributed denial-of-service attacks, spam, phishing, information theft, etc. With the magnitude and the potency of attacks afforded by their combined bandwidth and processing power, botnets are now considered as the largest threat to Internet security. In this talk, I focus on addressing the botnet detection problem in an enterprise-like network environment. I present a correlation-based framework for botnet detection that consists of detection technologies already demonstrated in several systems (BotHunter, BotSniffer, BotMiner, and BotProbe). The common thread of these systems is correlation analysis (vertical correlation, horizontal correlation, and cause-effect correlation). I will mainly discuss BotHunter, BotSniffer, BotMiner and their corresponding correlation techniques/algorithms in this talk. These systems have been evaluated in live networks and/or real-world network traces, and the results show that they can detect real-world botnets with a very low false positive rate.

Guofei Gu is an assistant professor in the Department of Computer Science & Engineering at Texas A&M University. Before coming to Texas A&M, he received his Ph.D. degree in Computer Science from the College of Computing, Georgia Tech. His research interests are in network and system security; specifically intrusion detection, web security, and malware detection, defense and analysis. Further information is available at http://faculty.cse.tamu.edu/guofei.

   Thursday, April 2, 2009 at 1:00PM
   Wozniak Lounge, Soda Hall

Abstract.   Biological design principles are changing the way we engineer, maintain, and evolve large dynamic software infrastructures. The talk will illustrate these principles using the example of anomaly detection and response, focusing on early work on system-call monitoring and recent results on Border Gateway Protocol (BGP) security.

Bio
Stephanie Forrest is Professor and Chairman of the Computer Science Department at the University of New Mexico in Albuquerque. She is also an External Professor of the Santa Fe institute and has served as its Vice President and a member of the Science Board. Her research studies adaptive systems, including immunology, evolutionary computation, biological modeling, and computer security. Professor Forrest received M.S. and Ph.D. degrees in Computer and Communication Sciences from the University of Michigan (1982,1985) and a B.A. from St. John's College (1977). Before joining UNM in 1990 she worked for Teknowledge Inc. and was a Director's Fellow at the Center for Nonlinear Studies, Los Alamos National Laboratory.

   Thursday, April 9, 2009 at 1:00PM
   Wozniak Lounge, Soda Hall

Abstract.   The Asirra CAPTCHA [EDHS2007], proposed at ACM CCS 2007, relies on the problem of distinguishing images of cats and dogs (a task that humans are very good at). The security of Asirra is based on the presumed difficulty of classifying these images automatically. In this paper, we describe a classifier which is 82.7% accurate in telling apart the images of cats and dogs used in Asirra. This classifier is a combination of support-vector machine classifiers trained on color and texture features extracted from images. Our classifier allows us to solve a 12-image Asirra challenge automatically with probability 10.3%. This probability of success is significantly higher than the estimate of 0.2% given in [EDHS2007] for machine vision attacks. Our results suggest caution against deploying Asirra without safeguards. We also investigate the impact of our attacks on the partial credit and token bucket algorithms proposed in [EDHS2007]. The partial credit algorithm weakens Asirra considerably and we recommend against its use. The token bucket algorithm helps mitigate the impact of our attacks and allows Asirra to be deployed in a way that maintains an appealing balance between usability and security. One contribution of our work is to inform the choice of safeguard parameters in Asirra deployments.

Philippe Golle has worked at the Palo Alto Research Center since 2003. His research interests are applied cryptography, data security and privacy. He is particularly interested in security and privacy problems that can be solved with data mining or machine learning techniques. Examples of such problem areas include privacy for ubiquitous computing and mobile devices, document sanitization and redaction, and cryptanalysis of cryptographic protocols based on machine learning techniques. Philippe holds a Ph.D. in computer science from Stanford University.

   Thursday, April 16, 2009 at 1:00PM
   290 HMMB

Abstract.   Random key predistribution schemes provide an elegant solution to the problem of secure key establishment in resource restricted sensor networks. We revisit security of these schemes against node compromising adversaries and show that guaranteed security can only be obtained at a very high communication cost - hence defeating the original aim of these schemes.

Rei Safavi-Naini is the iCORE Chair in Information Security and co-director of Centre for Information Security and Cryptography at the University of Calgary, Canada. Before joining University of Calgary in 2007, she was a Professor of Computer Science and the Director of Telecommunication and Information Technology Research Institute (now ICT Research Institute) at the University of Wollongong Australia. She is associate editor of IEEE Transaction on Information Theory and ACM Transactions on Information and System Security, has served on the program committee of major conferences in cryptology and information security. Her research interest includes cryptography, network security, and digital and privacy rights management. She holds a PhD in Electrical Engineering from University of Waterloo, Canada.

   Thursday, April 23, 2009 at 2:00PM
   290 HMMB

Deirdre K. Mulligan comes to the I School from the UC Berkeley School of Law (Boalt Hall), where she was a clinical professor of law and the director of the Samuelson Law, Technology & Public Policy Clinic. She served previously as staff counsel at the Center for Democracy & Technology in Washington. Professor Mulligan's current research agenda focuses on information privacy and security. Current projects include qualitative interviews to understand the institutionalization and management of privacy within corporate America, and role of law in corporate information security policy and practice. Other areas of current research include digital rights management technology and privacy and security issues in sensor networks and visual surveillance systems, and alternative legal strategies to advance network security. TBD

Bio.  

   Thursday, April 30, 2009 at 1:00PM
   Wozniak Lounge, Soda Hall

Abstract.   It is becoming increasingly difficult to implement effective systems for preventing network attacks, due to the combination of the rising sophistication of attacks requiring more complex analysis to detect; the relentless growth in the volume of network traffic that we must analyze; and, critically, the failure in recent years for uniprocessor performance to sustain the exponential gains that for so many years CPUs enjoyed. For commodity hardware, tomorrow's performance gains will instead come from *multicore* architectures in which a whole set of CPUs executes concurrently. Taking advantage of the full power of multi-core processors for network intrusion prevention requires an in-depth approach. In this talk, we frame an architecture customized for parallel execution of network attack analysis. Based on an existing open-source network intrusion detection system, we design a highly concurrent execution model tailored specifically to network traffic analysis. Simulations of the model predict excellent scaling properties, and we report our experiences with a prototype analyzing traffic from large-scale operational network environments.

Robin Sommer is a staff researcher at the International Computer Science Institute, Berkeley, and he is also affiliated with the Lawrence Berkeley National Laboratory where he works with the Lab's cyber-security team. Robin's research focuses on network security monitoring in high-performance, operational settings. He holds a doctoral degree from TU Munich, Germany.

   Thursday, May 7, 2009 at 1:00PM
   Wozniak Lounge, Soda Hall

Abstract.   TBD

Svetlana Radosavac is a Research Engineer at Docomo Communications Laboratories USA, Inc. in Palo Alto, CA. Her research interests include network security, game theory, network economy and virtualization. She received the B.S. degree in electrical engineering from the University of Belgrade in 1999. and the M.S. and Ph.D. degrees in electrical and computer engineering from the University of Maryland, College Park, MD, in 2002 and 2007, respectively.

Details about how the seminar is managed can be found at How is the TRUST Seminar managed?