TRUST Seminar Series

The Fall 2010 TRUST Seminar Series talks will be held in Soda Hall, Wozniak Lounge on the campus of the University of California, Berkeley Thursdays from 1:00 - 2:00 PM.

If you are visiting Cory Hall from off campus, please see the Visitor Information page.
To receive notification of future TRUST Seminar Series talks, please join either the trustlocal or the trustseminar workgroup.
(Most members of TRUST that are located at UC Berkeley should join the trustlocal workgroup instead of the trustseminar workgroup.)

Information on past TRUST Seminars is available here.

Spring 2010 TRUST Seminar Series


Ben Livshits
   Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution
   Ben Livshits, Microsoft Research

   Thursday, January 14, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Rich Internet applications are becoming increasingly distributed, as demonstrated by the popularity of AJAX or Web 2.0 applications such as Facebook, Google Maps, Hotmail and many others. A typical multi-tier AJAX application consists, at the least, of a server-side component implemented in Java J2EE, PHP or ASP.NET and a client-side component running JavaScript. The resulting application is more responsive because computation has moved closer to the client, avoiding unnecessary network round trips for frequent user actions.

However, once a portion of the code has moved to the client, a malicious user can subvert the client side of the computation, jeopardizing the integrity of the server-side state. In this project we propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley replicates a copy of the client-side computation on the trusted server tier. Every client-side event is transferred to the replica of the client for execution. Ripley observes results of the computation, both as computed on the client-side and on the server side using the replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity.

We built Ripley on top of Volta, a distributing compiler that translates .NET applications into JavaScript, effectively providing a measure of security by construction for Volta applications. We have evaluated the Ripley approach on five representative AJAX applications built in Volta and also on Hotmail, a large widely-used AJAX application. Our results so far suggest that Ripley provides a promising strategy for building secure distributed web applications, which places minimal burden on the application developer at the cost of a low performance overhead.

Ben Livshits is a researcher at Microsoft Research in Redmond, WA. He received a B.A. from Cornell University in 1999, and his M.S. and Ph.D. from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. He is known for his work on software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. Lately he has been focused on how Web 2.0 application reliability, performance, and security can be improved through a combination of static and runtime techniques.



Mihai Christodorescu
   Virtualization-Aware Security in Cloud Environments
   Mihai Christodorescu, IBM

   Thursday, January 21, 2010 at 1:00 PM
   540a/b, Cory Hall (note different location)

Abstract. The cloud approach to computing, where users outsource part of their workload to a cloud provider's data center, holds the promise of efficient and reliable large-scale computation. At the same time, because it multiplies the actors involved, cloud computing introduces significant security challenges. Ideally, a mechanism that offers complete isolation between the many cloud workloads and the cloud infrastructure itself is needed. Virtualization is an approximation of such an isolation mechanism, where a hypervisor (part of the cloud infrastructure) manages the execution of virtual machines (the users' workloads). Coupled with the fact that the hypervisor can observe the execution of virtual machines (VMs) via VM introspection, virtualization enables the creation of a variety of security tools to detect or even prevent attacks against VM workloads.

In this setting, I will discuss several ongoing projects in our security group at IBM Research. I will argue that the security guarantees of VM-introspection tools are weakened when moving from standalone virtualization to virtualization in the cloud. Our solution for secure VM introspection in the cloud relies only on the integrity of the virtual hardware (and implicitly the hypervisor). Additionally I will discuss security applications built on this secure-introspection primitive, allowing the cloud provider to monitor the runtime integrity of user workloads.

Mihai Christodorescu researches software and system security at the IBM T.J. Watson Research Center. His current interests include behavior-based analysis and malware detection, web privacy, and cloud integrity. He received a Ph.D. in 2007 from University of Wisconsin, Madison, where he was advised by Somesh Jha. Before that, he earned a B.S. degree in Computer Science from University of California at Santa Barbara.



 Galina Schwartz
   Competitive Cyber-Insurers in the Network with Interdependent Security
   Galina Schwartz, University of California at Berkeley

   Thursday, January 28, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. The paper investigates the effects of competitive cyber-insurers on network security when users are arbitrarily risk-averse and network security is costly for them. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, and improving security becomes more costly for a user when his security is higher. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard (i.e., once a user is insured, his incentives to invest in security worsen). Then, if an equilibrium exists, network security always worsens relative to the no-insurance equilibrium. Though with cyber-insurers user welfare may increase (due to risk redistribution), aggregate costs of network insecurity increase as well due to higher network risks. Next, we introduce two user types (good and bad), which insurers cannot distinguish. This additional informational asymmetry causes adverse selection (i.e., bad users purchase insurance contracts designed for good users). We demonstrate that our model permits pricing competitive cyber-insurance in the presence of multiple user types. In the pooling equilibrium with insurance, good users subsidize bad users, and network security worsens relative to the no-insurance equilibrium. Lastly, we consider insurers with full information about their users' security. Here, user security is perfectly enforceable (zero cost). Each insurance contract stipulates the required user security and covers the entire user damage. Still, for a significant range of parameters, network security worsens relative to the no-insurance equilibrium. Thus, in general, competitive cyber-insurers may fail to improve network security.

Galina Schwartz is a researcher in the Department of Electrical Engineering and Computer Science, at the University of California, Berkeley. Her focus is game theory applications to Internet commerce, specifically Internet security and service quality (network neutrality). Galina Schwartz received her Ph.D. in Economics from Princeton University. Prior to joining TRUST, she taught economics in the Department of Economics, UC-Berkeley and UC-Davis, and finance in the Department of Finance at the University of Michigan, Ann Arbor, Ross School of Business. She collaborates with the University of Michigan Center for Information Technology Integration (CITI).



 Kun Liu
   A Framework for Computing the Privacy Scores of Users in Online Social Networks
   Kun Liu, Yahoo!

   Thursday, February 4th, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure of personal information has implications on users' privacy: digital stalking and identity theft are some of the most common threats. Unfortunately, even sophisticated users who value their privacy will often compromise it to improve their presence in the virtual world. They know that loss of control over their personal information poses a long-term threat, but they cannot assess the overall and long-term risk accurately enough to compare it to the short-term gain. Even worse, setting the privacy preferences in online services is often a complicated and time consuming task that users usually skip. To address these issues, we are developing mechanisms and platforms to measure and monitor users' privacy risks and help them easily manage their information sharing. In this talk, I am going to introduce our work in this area. I am hoping that the talk could inspire discussions and new ideas that will eventually make our online environment safer and more comfortable.

Kun Liu, Ph.D. is a Scientist at Yahoo! Labs working on problems related to computational advertising. Before joining Yahoo, Kun was a Postdoctoral Researcher at IBM Almaden Research Center, working on privacy-preserving social-network analysis, text analytics and healthcare informatics. His contributions to these projects have won him five IBM Invention Achievement Awards, one IBM Invention Plateau Award and one IBM Bravo Award. Kun received his Ph.D. in Computer Science from University of Maryland Baltimore County in 2007. His research interests include privacy-preserving data mining, social-network analysis, text analytics, distributed data mining and statistical machine learning.



  
   NO TRUST SEMINAR due to BEARS

   Thursday, February 11, 2010
  




 Venkat Venkatasubramanian
   Abnormal Events Management in Complex Process Plants: Challenges, Opportunities, and Emerging Trends
   Venkat Venkatasubramanian, Purdue University

   Thursday, February 18, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Abnormal situations arise in process plants when plants deviate from normal operational modes. Such excursions could have an adverse effect on product quality, process safety, occupational health, environmental quality and process economics. The economic impact of such abnormal situations is enormous; about $30 billion/year in losses in the petrochemical industries alone in the US. The cost is much more when one includes other industries such as pharmaceutical, specialty chemicals, and power industries. Furthermore, process safety, security, occupational health, and environmental hazards are ever increasing in importance in response to heightening public concern and the resultant tightening of regulations. Thus, there exists considerable incentive in developing appropriate solutions towards the management of abnormal situations in complex process plants. People in the process industries view this as the next major challenge in control systems research and application.

There are two different, but related, components of the overall abnormal events management (AEM) problem. One deals with the problem of process safety during real-time operations. The other deals with safety issues during the design and/or modifications of the plant or the processes. This is, of course, the domain of process hazards analysis (PHA). In both cases, one depends on humans to perform sophisticated cause-and-effect reasoning through hundreds of possibilities, and for real-time situations, often under enormous psychological strain. Accident investigations have shown that human errors, due to information overload, time pressure, and lack of adequate training, are often the major causes of accidents. As a result, researchers have been investigating the potential of intelligent systems for abnormal situation management and process hazards analysis. These two problem areas are now poised to play a dominant role in defining the course of process systems research and application for the coming decade. In this talk, I will present an overview of these two problem areas, the challenges we face and the encouraging emerging trends. Recent progress has promising implications on the use of intelligent systems for a variety of applications in the chemical, petrochemical, and pharmaceutical industries for inherently safer design, operator training, abnormal situation management, and optimal process operations.

Venkat Venkatasubramanian is a Professor of Chemical Engineering and a Professor of Industrial and Physical Pharmacy (by courtesy) at Purdue University. He received his Ph. D. in Chemical Engineering (with a Minor in Theoretical Physics) from Cornell University, M.S. in Physics from Vanderbilt University, and B. Tech. in Chemical Engineering from the University of Madras, India. Venkat worked as a Research Associate in Artificial Intelligence in the School of Computer Science at Carnegie-Mellon University and taught at Columbia University before joining Purdue in 1988. Prof. Venkatasubramanian's research contributions have been in the areas of process fault diagnosis and abnormal events management, risk identification and management in complex engineered systems, pharmaceutical engineering and informatics, product design via discovery informatics, systems biology, and complex adaptive systems using knowledge-based systems, neural networks, genetic algorithms, mathematical programming and statistical approaches. His teaching interests include process design, process control, pharmaceutical engineering, systems biology, artificial intelligence, statistical physics, and applied statistics.

Prof. Venkatasubramanian has published 170 refereed papers, and delivered 125 invited lectures and seminars, including 16 keynote/plenary lectures, at various international conferences and institutions all over the world. He has authored or co-authored three books and co-edited two. Venkat has chaired or co-chaired over thirty international meetings, conferences and sessions in the areas of artificial intelligence applications in process engineering. Thirty doctoral and nine masters students have graduated under Venkat's supervision.

Prof. Venkatasubramanian's contributions have been recognized by several awards and honors. He was the 1990 recipient of the Eminent Overseas Lectureship Award from the Institution of Engineers in Australia. He received the Norris Shreve Award for Outstanding Teaching in Chemical Engineering in 1993, 2004 and 2006, and the Teaching for Tomorrow Award in 2004, both awarded by Purdue University. He is an Associate Editor of Computers and Chemical Engineering. In 1996, Industry week magazine selected him as `one of the fifty R&D stars in the United States whose achievements are shaping the future of our industrial culture and America's technology policy'. His co-authored paper on fault diagnosis was awarded the CAST Directors' Award for the Best Poster Presentation at the 2000 AIChE Annual meeting. Venkat and his students were awarded the Best Paper Prize for 2002-05 from the Journal of Engineering Applications of Artificial Intelligence, sponsored by the International Federation of Automatic Control (IFAC), for a paper on abnormal events detection and process risk management. His co-authored paper on informatics won the 2006 Best Paper Prize from Computers and Chemical Engineering. He is a co-recipient of the Team Research Excellence Award from the College of Engineering, Purdue University, in 2007, for his contributions to the development of the discovery informatics framework for molecular products design. In 2007, Venkat was recognized for his outstanding teaching record at Purdue as the only faculty member in the College of Engineering to be elected to the Teaching Academy. In 2010, AIChE honored Venkat with the Computing in Chemical Engineering Award for his contributions in process systems engineering.



Christian Kreibich
   Spamalytics: An Empirical Analysis of Spam Marketing Conversion
   Christian Kreibich, ICSI: International Computer Science Institute

   Thursday, February 25, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. In his script for `All The President's Men', author William Goldman coined the famous adage `follow the money', giving Woodward and Bernstein crucial advice for their investigation. In the past years, the growth of the Internet has enabled a financially motivated underground marketplace that presents a case perhaps less politically motivated but surely no less thrilling, in which this classic strategy has remained almost entirely unused.

In this talk I will present a study that sheds light on one component of this market, namely spam-based advertising. The `conversion rate' of spam, the probability that an unsolicited email will ultimately elicit a `sale', underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. I will describe a methodology for using parasitic infiltration of botnets - large networks of infected computers responsible for the vast majority of spam observed today - to empirically infer the delivery and conversion rates of spam campaigns. I will present an analysis of over 400 million instrumented spam emails across two campaigns and quantify the underlying processes that modulate its profits.

The results provide insights into the entire spam conversion pipeline and illuminate some of the market pressures on the spammers and botmasters involved, and thus point out initial avenues for following the money in this poorly understood economy.

Christian Kreibich is a staff research scientist at the International Computer Science Institute in Berkeley. He received his Ph.D. from the University of Cambridge, UK, and a Diplom in Computer Science from the Technical University of Munich, Germany. His research focuses on topics in network architecture, distributed systems, and network security.



 Lakshminarayanan Subramanian
  Secure Information Flow in Trust Networks
   Lakshminarayanan Subramanian, New York University

   Thursday, March 4, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Secure Information Flow is a fundamental problem in the security of networks and large-scale distributed systems where the basic question is: Under what constraints will a piece of information flow securely in a network in the face of adversaries propagating bogus information? Answering this question has important ramifications on how we design secure routing protocols, secure DNS, secure content rating systems, Sybil-resilient P2P systems. In this talk, I will present some of our recent results in addressing the secure information problem in trust networks where each network edge represents a strong trust relationship between the participating nodes. In the first result, I will describe a decentralized mechanism to compute the "reputation of routing protocol updates" in a trust network. In the second result, I will describe a distributed verification protocol that can drastically reduce the number of admitted Sybil identities in a decentralized trust network. In the third result, I will show how we can achieve probabilistic secure information flow in sparse trust networks (with high probability guarantees) by establishing weak trust relationships with "constrained random" friends. At the end, I will describe how we can use a combination of these three results to improve the security of many existing networks and distributed systems.

Lakshminarayanan Subramanian is an assistant professor in the Courant Institute of Mathematical Sciences at New York University. His research interests are in the areas of networks, distributed systems and technologies for developing regions. At NYU, he co-leads the Networks and Wide-area Systems (NeWS) research group and leads the CATER research initiative, a multi-disciplinary group focusing on appropriate technologies for development. He is a recipient of the NSF CAREER award, IBM Faculty award and C.V. Ramamoorthy award.



NO TRUST SEMINAR

   Thursday, March 11, 2010


 Bonnie Zhu
  Intrusion Detection and Resilient Control for SCADA Systems
   Bonnie Zhu, EECS, University of California, Berkeley

   Thursday, March 18, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. SCADA (Supervisory Control And Data Acquisition) systems are deeply ingrained in the fabric of critical infrastructure and the constitutions of vital enterprises. These computerized networked real-time control systems are increasingly subject to serious damage and disruption by cyber means due to their standardization and connectivity to other networks. This talk addresses one of the securing endeavors. In particular, an earlier detection and resilient estimation scheme for such systems in an uncertain network environment will be explored more technically. Without any prior knowledge of the occurrence time and distribution of the outliers or anomalies, this online recursive algorithm robustly identifies and detects them among the measurements by using a robustified window-limited sequential Generalized Likelihood Ratio Test. The choice of this fixed yet approximately optimal window size provides guaranteed delay to detection time under the constraint of false alarm rate conditions when identifying outliers. Further, this resilient and flexible estimation scheme robustly rectifies and cleans data upon both isolated and patchy outliers while maintaining the optimality of the nominal condition. I will illustrate through several likely SCADA-specific attacks.

Bonnie Zhu is an EECS Ph.D. candidate at UC Berkeley with research focus on securing SCADA systems including possible cyber-physical attacks, intrusion detection and countermeasure, and containment/resilient control. She holds a Management of Technology Certificate from the Haas Business School, an MS in ME from UC Berkeley, and an MS in ECE from Rutgers. Besides her software development experience in the EDA industry, Bonnie is also interested in the reliable distribution of clean electricity.


NO TRUST SEMINAR due to Spring Break

   Thursday, March 25, 2010


 Jennifer King
  Privacy on Facebook and Other Social Networking Sites - what do users think and understand?
   Jennifer King, University of California at Berkeley

   Thursday, April 1, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. The social networking site Facebook.com is becoming one of the most popular websites on the internet, with over 400 million active users. One of the most compelling aspects of the site is its applications platform, where third party developers can launch their own applications; Facebook claims there are over 500,000 active applications on the platform, and that over 70% of Facebook users engage with them every month.

However, there are questions regarding how secure Facebook apps are -- apps are not reviewed before going live on the platform, and apps have by default access to a subset of a user's profile data. While developers are not supposed to store a user's profile data for longer than 24 hours, there is no policing mechanism that can prevent rogue developers from stealing individual profile data or a user's social graph, since applications are given access to an individual's friends list when the user adds the application.

I am interested in determining how much the public understands about Facebook applications -- how they work, what data they have access to, and how and why users decide to trust apps. To that end, my co-researcher and I created a survey application to probe these questions; at this talk, I will be presenting some preliminary results from our initial weeks of data collection.  

Jennifer King is a PhD candidate at the School of Information, UCB. Her work focuses primarily on privacy issues on the internet as well as with ubiquitous systems and sensor networks.



No Seminar on Thursday, April 8, 2010

Bruno Sinopoli
  Secure control against replay attacks
   Bruno Sinopoli, Carnegie Mellon University

   To Be Rescheduled
   Soda Hall, Wozniak Lounge

  
Abstract. This work analyzes the effect of replay attacks on a control system. We assume an attacker wishes to disrupt the operation of a control system in steady state. In order to inject an exogenous control input without being detected the attacker will hijack the sensors, observe and record their readings for a certain amount of time and repeat them while carrying out his attack. This is a very common and natural attack (we have seen numerous times intruders recording and replaying security videos while performing their attack undisturbed) for an attacker who does not know the dynamics of the system but is aware of the fact that the system itself is expected to be in steady state for the duration of the attack. We assume the control system to be a discrete time linear time invariant Gaussian system applying an infinite horizon Linear Quadratic Gaussian (LQG) controller. We also assume that the system is equipped with a Chi Square failure detector. The main contributions of this work, beyond the novelty of the problem formulation, consist in 1) providing conditions on the feasibility of the replay attack on the aforementioned system and 2) proposing a countermeasure that guarantees a desired probability of detection (with a fixed false alarm rate) by trading off either detection delay or closed loop system performance.

Bruno Sinopoli received the Dr. Eng. degree from the University of Padova in 1998 and his M.S. and Ph.D. in Electrical Engineering from the University of California at Berkeley, in 2003 and 2005 respectively, along with the Management of Technology Certificate from the Haas Business School. After a postdoctoral position at Stanford University, Dr. Sinopoli joined the faculty at Carnegie Mellon University where he is an assistant professor in the Department of Electrical and Computer Engineering with courtesy appointments in Mechanical Engineering and in the Robotics Institute. Dr. Sinopoli was awarded the 2006 Eli Jury Award for outstanding research achievement in the areas of systems, communications, control and signal processing at U.C. Berkeley. His research interests include networked embedded control systems, distributed estimation and control with applications to wireless sensor-actuator networks and system security.



Elisa Bertino
  Digital Identity Management and Protection
   Elisa Bertino, CS Department, CERIAS, Purdue University

   Thursday, April 15, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Digital identity management (DIM) has emerged as a critical foundation for supporting successful interaction in today's globally interconnected society. It is crucial not only for the conduct of business and government but also for a large and growing body of electronic or online social interactions. Digital identity management is usually coupled with the notion of federation. The goal of federations is to provide users with protected environments to federate identities by the proper management of identity attributes. Federations provide a controlled method by which federation members can provide more integrated and complete services to a qualified group of individuals within certain sets of business transactions. By controlling the scope of access to participating sites, and by enabling secure, cross-domain transmission of user's personal information, federations can make the perpetration of identity frauds more difficult, as well as reduce their frequency, and their potential impact. In this talk we will first discuss basic digital identity concepts and requirements towards DIM solutions and we will overview relevant initiatives currently undergoing in academia and industry. We will then focus on the problem of identity theft and discuss an initial solution to the problem of establishing and protecting digital identity.

Elisa Bertino is professor of Computer Science at Purdue University and serves as Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). Previously she was a faculty member at Department of Computer Science and Communication of the University of Milan where she directed the DB&SEC laboratory. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, at Telcordia Technologies.

Her main research interests include security, privacy, digital identity management systems, database systems, distributed systems, multimedia systems. In those areas, Prof. Bertino has published more than 250 papers in all major refereed journals, and in proceedings of international conferences and symposia. She is a co-author of the books "Object-Oriented Database Systems - Concepts and Architectures" 1993 (Addison-Wesley International Publ.), "Indexing Techniques for Advanced Database Systems" 1997 (Kluwer Academic Publishers), "Intelligent Database Systems" 2001 (Addison-Wesley International Publ.), and "Security for Web Services and Service Oriented Architectures" 2010 Springer. She has been a co-editor in chief of the Very Large Database Systems (VLDB) Journal from 2001 to 2007. She serves (has served) on the editorial boards of several scientific journals, including IEEE Internet Computing, IEEE Security&Privacy, ACM Transactions on Information and System Security, ACM Transactions on Web.

Elisa Bertino is a Fellow member of IEEE and a Fellow member of ACM. She received the 2002 IEEE Computer Society Technical Achievement Award for "For outstanding contributions to database systems and database security and advanced data management systems" and the 2005 IEEE Computer Society Tsutomu Kanai Award "For pioneering and innovative research contributions to secure distributed systems".



Russell Cameron Thomas
  Information Security as a Red Queen Evolutionary Arms Race - A Computational Perspective
   Russell Cameron Thomas, Principal, Meritology

   Thursday, April 22, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Information security has been commonly viewed as a rivalry between attackers and defenders, and as being characterized by an "evolutionary arms race" where each side has incentives to continually create new innovations to overcome the opponent's capabilities. This, in turn, requires continual replacement of old solutions with new. In doing so, neither side gains a lasting advantage. (This is the "Red Queen" effect, where the Red Queen has to run as fast as she can just to stay in one place.)

If this is true, then it will be important at a policy level to understand the dynamics of the evolutionary arms race in order to determine the intermediate and long-term trajectory of the game. However, very little is known about the evolutionary dynamics of information security. I'm working with several industry and academic researchers to tackle this problem.

To our knowledge, our research is the first comprehensive effort to create a history-friendly theoretical model using methods from several disciplines--evolutionary ecology, national security studies, computational economics and social sciences, and management science. Our goal is to introduce these new methods and show how they can endogenously model escalating innovation of both technical and economic solutions and the arms race dynamics.

Our research is at an early stage, so the focus of this talk will be to frame the problem and review alternative methods--game theory, dynamical systems, multi-agent systems, and other computational methods. I'll demonstrate with a relatively simple dynamic--email spam vs. spam filtering. A surprising result: "good enough" spam filtering actually perpetuates spam, given that spammers can increase volume using botnets.

Russell Cameron Thomas is Principal at Meritology, a boutique consulting firm specializing in modelling the risk and business value of information technology. He has 30 years of computer industry experience in engineering, marketing, and management consulting. He has organized and led a multi-organization research team to propose a research project in cyber security metrics, aimed at a DHS advanced research grant. He has a B.S. in Electrical Engineering and Management from Worcester Polytechnic Institute, graduating with honors. In Fall 2010, Russell will be entering the PhD program in Computational Social Science at George Mason University.

Russell blogs and can be reached on LinkedIn and Twitter (@MrMeritology).




Phil Kuryloski
  Privacy in Medical Wearable Sensor Network Systems
   Philip Kuryloski, EECS, University of California, Berkeley

   Thursday, April 29, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. Wireless sensor networks are opening up tremendous opportunities for mobile health monitoring and tele-health applications. As we move these systems from experiments in engineering labs to prototypes involving patients and physicians, we must construct systems which collect and store data and provide more than a MATLAB script as an interface. Because they can often monitor a patient remotely and/or continuously, these systems provide the chance to collect an unprecedented amount of data. Correspondingly, in many instances medicine has not yet had the opportunity to discover the full benefit that can be derived from this new data. While exciting in its potential, this scenario also poses a great challenge in reasoning about and ensuring privacy for its users. This talk will focus on Dr. Kuryloski and his colleagues' ongoing work building such systems and providing end-to-end privacy within those systems.

Philip Kuryloski received his PhD from Cornell University in 2009, where he worked in the Wireless Intelligent Systems Lab under Prof. Stephen Wicker. There he studied wireless sensor networks, eventually specializing in a systems-level perspective of medically oriented, wearable wireless sensor network systems. After leaving Cornell, he began a brief role as Technical Director of a small San Francisco startup company called Affective Interfaces, Inc., whose goal was to produce automated emotion sensing software. He has recently left that startup to return to the academic research world, now working with EECS Prof. Ruzena Bajcsy at UC Berkeley. Here he will continue his work with sensor network systems and his focus on security and privacy.



Anup Ghosh
  SafeFox: A Safe Lightweight Virtual Browsing Environment
   Anup Ghosh, Center for Secure Information Systems (CSIS) at George Mason University

   Thursday, May 6, 2010 at 1:00 PM
   Soda Hall, Wozniak Lounge

  
Abstract. The browser has become a popular attack vector for implanting code on computer operating systems. Equally critical, important sessions, such as online banking and other sensitive online activities, must be protected from cross-site attacks from other concurrent sessions. In this presentation, we describe an approach using lightweight virtualization to create a safe browsing environment, called SafeFox, to protect both the host and important browsing sessions from malicious Web content. With SafeFox, the browser runs in its own virtual environment (VE) with its own process namespace, file system, and IP address; furthermore, when browsing to a secure bookmarked site, SafeFox automatically creates a new isolated lightweight virtual environment (VE) for that site. While the native platform of SafeFox is Linux, we have created a SafeFox virtual appliance to run on multiple platforms, including Windows. An implementation is currently being commercialized.

Anup Ghosh is Research Professor and Chief Scientist in the Center for Secure Information Systems (CSIS) at George Mason University. Dr. Ghosh was previously Senior Scientist and Program Manager in the Advanced Technology Office of the Defense Advanced Research Projects Agency (DARPA), where he managed an extensive portfolio of information assurance and information operations programs. Ghosh is also founder of Secure Command, a software security company that commercializes next-generation security research. Ghosh's research focuses on combating malicious software within the enterprise. He has developed novel approaches for securing desktops using virtualization. He is also developing techniques for detecting malicious code within enterprise networks by classifying network traffic flows.

Ghosh previously served in executive management as Vice President of Research at Cigital, Inc. He has served as principal investigator on contracts from DARPA, NSA, and NIST's Advanced Technology Program and has written more than 40 peer-reviewed conference and journal articles. Ghosh is also the author of three books on computer network defense. Ghosh serves on the editorial board of IEEE Security and Privacy Magazine and has been guest editor for IEEE Software and the IEEE Journal on Selected Areas in Communications. Ghosh is currently a member of the Committee on Information Assurance for Network-Centric Naval Forces for the Naval Studies Board, National Research Council. Ghosh is a Senior Member of the IEEE. For his contributions to DoD's information assurance, Dr. Ghosh was awarded the Frank B. Rowlett Trophy for Individual Contributions by the National Security Agency in November 2005, a Federal government-wide award. He was also awarded the Office of the Secretary of Defense Medal for Exceptional Public Service for his contributions while at DARPA. In 2005, Worcester Polytechnic Institute awarded Dr. Ghosh its Hobart Newell Award for Outstanding Contributions to the Electrical and Computer Engineering Profession. Ghosh has previously been awarded the IEEE's Millennium Medal for Outstanding Contributions to E-Commerce Security. Ghosh completed his Ph.D. and Master of Science in Electrical Engineering at the University of Virginia and his Bachelor of Science in Electrical Engineering at Worcester Polytechnic Institute.



Details about how the seminar is managed can be found at How is the TRUST Seminar managed?

© 2005-2010 Trust