Trust Seminar
The Trust Seminar is going to be held in 380
Soda Hall, Berkeley this year, on Thursdays from 4pm to 5pm.
If you are visiting Soda Hall from offsite, please see
the Visitor Information page.
To receive notification of future Trust Seminars, either join the
trustlocal workgroup or
the trustseminar workgroup.
Almost all members of Trust that are located at UC Berkeley
should join trustlocal
instead of joining the trustseminar group.
Spring 2007, Upcoming Trust Seminars
Past 2007 Trust Seminars
- Using Model-based Intrusion Detection for SCADA Networks
- Alfonso Valdes, SRI
4pm, Thursday, January 18, 2007, Note: Special Place 540 A/B Cory
Presentation
Abstract
In a model-based intrusion detection approach for
protecting SCADA networks, we construct models
that characterize the expected/acceptable behavior
of the system, and detect attacks that cause
violations of these models. Process control
networks tend to have static topologies, regular
traffic patterns, and a limited number of
applications and protocols running on them. Thus,
we believe that model-based monitoring, which has
the potential for detecting unknown attacks, is
more feasible for control networks than for
general enterprise networks. To this end, we
describe three model-based techniques that we have
developed and a prototype implementation of them
for monitoring Modbus TCP networks.
Bio
Alfonso Valdes, Senior Computer Scientist,
Computer Sciences Laboratory at SRI, has led
several projects in information security for such
clients as the Defense Advanced Research Projects
Agency (DARPA) and the Advanced Research and
Development Activity (ARDA), and the Department of
Homeland Security. He has coordinated the
insertion of technology components from these and
other projects into exercises with the Army and
Navy. He is an expert on statistical algorithms
for detection and modeling and the application of
such techniques in the information security arena.
He has led statistical algorithm development in
SRI's Next-Generation Intrusion Detection Expert
System (NIDES) and later EMERALD. Mr. Valdes has
implemented a high-speed Bayes component to detect
network intrusions, as well as an innovative
probabilistic approach to correlation of reports
from heterogeneous intrusion detection sensors.
In the EMERALD project, he has developed and
improved algorithms from the standpoint of
detection performance, false alarm rate, and
computational efficiency. He holds two patents in
the field of computer intrusion detection.
Mr. Valdes is also an expert on a wide variety of
statistical and classification techniques,
including likelihood theory, decision analysis,
neural networks, simulation, and Bayesian
formalisms. He has applied these methods with
great success in a number of problem domains,
including signal processing and environmental and
medical sciences, in addition to information
security.
More recently he has introduced ultra-scalable
methods to visualize unusual or potentially
malicious activity at very high levels in computer
networks. Over the last two years, he has taken an
interest in critical infrastructure systems such
as the distributed control and SCADA systems that
operate refineries and pipelines in the Oil and
Gas sector.
Mr. Valdes holds an M.S. (1983) in operations
research from Stanford University.
- Security is broken
- Rik Farrow (Security consultant and author)
Note: Special Day: 4pm, Wednesday, January 31, 2007, 540 A/B Cory
Presentation
Abstract
Our computer security model is broken. Worse yet, it never
really has worked ... all certainly desktops and laptops, but also
most servers. The current security model was not designed to protect
users from themselves, and this goes a long way towards understanding
why security is so difficult. I end by looking at strategies for
improving security -- but no real solutions. The point is to start
thinking outside of the box, while adopting best practices today. What
we have done in the past has not worked, and can not work. We need to
look at the security model in a new way, and that is the real point of
this presentation.
Bio
"Rik Farrow provides UNIX and Internet security consulting and
training. He has been working with UNIX system security since 1984,
and with TCP/IP networks since 1988. He has taught for NASA,
Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, CSI,
USENIX, and for many US and European user groups. Farrow also consults
with firms in the design and implementation of security applications,
and works with organizations to create secure firewalls and Internet
facing servers."
"He is the author of UNIX System Security, published by
Addison-Wesley in 1991 and System Administrator's Guide to System V
(Prentice Hall, 1989, with Rebecca Thomas). Farrow is the Editor of
;login:, the magazine of the USENIX association (USENIX). His article
on the technical details of the Internet Worm won an Excellence in
Technology Communications award. Farrow was featured in an article
about Internet Security in a December 1997 article in ComputerWorld."
- Integrated Industrial Wireless Systems - Implications for Everyone
- Peter Fuhr, Apprion Inc.
4pm, Thursday, February 8, 2007, 380 Soda
Presentation
Abstract
The list of wireless devices goes on and on (cell phones, pagers,
WiFi, RFID, remote controls, GPS devices, etc.) as does their use in
industrial settings. Coupled into the mix are various flavors of
industrial strength wireless field devices, embedded controllers,
network connections between corporate sites around the planet, with
perhaps even some backhaul infrastructure. But this setting isn't
your Mother's kitchen...
Questions frequently arise when systems designed for one environment
are used in another - such as the potentially hazardous environments
found in many industrial settings. Enter the world of intrinsic
safety, NEMA enclosures, Class Division 1 operation, etc. The
requirements placed on these devices and systems are much more
restrictive than the WiFi access point that you have in your house.
Coupled with the safe operation of such devices, comes a multitude of
security questions that may arise through the incorporation of
wireless into an industrial plant.
This presentation/discussion is aimed at addressing this maze of
issues. Specific integrated industrial installations will be
discussed along with the associated applications and the ever-present
pulse of applicable standards (with a special update on all things
SP100).
Bio
Dr. Peter Fuhr, Chief Technology Officer, Apprion, Inc., NASA Ames
Research Center, Moffett Field CA has hundreds of publications and
presentations within the realm of sensing systems and wireless
network connectivity. He has embedded sensors into various
structures worldwide ranging from buildings, dams, airplanes, hot air
balloon, spacecraft, nuclear power plant containment vessels, even
humans. His pioneering work in networked sensor systems for
structures earned him the Presidential Award for Excellence in
Research. Dr. Fuhr left the shelter of academia for the corporate
world in 2003. He has served on the Technical and/or Advisory Boards
for numerous companies and has performed technical consulting for
over 60 companies. Segments of his research activities are featured
in the SPIE Milestone Series on Fiber Optics. Dr. Fuhr is an
Executive Member of the Wireless Industrial Networking Alliance and
chairs two committees of ISA’s SP100 (the standard for Industrial
Wireless): (1) Interoperability and Wireless Sensor Networking and
(2) Inventory Management (Industrial RFID/RTLS). Dr. Fuhr serves on
various industrial, academic and governmental panels while striving
to bring integrated wireless and wired communications and sensing
systems to the industrial sector.
- Covert Timing Channels over IP
- Carla Brodley, Tufts University
4pm, Thursday, February 22, 2007, 380 Soda
Abstract
Indirect communication channels have been
effectively employed in the communications world
to bypass mechanisms that do not permit direct
communication between unauthorized parties. Such
covert channels emerge as a threat to information-sensitive
systems in which leakage to
unauthorized parties may be unacceptable. In this
talk, we present several IP-based covert channels
and methods for detecting or rate limiting them.
We first illustrate that traffic analysis can
counter traditional event-based IP covert
channels, which do not employ any additional
scheme to obfuscate the channel. We then
introduce a new family of covert channels, which
transmit covert messages by adjusting packet
timings consistent with inter-arrival time
sequences that are extracts from recently
recorded normal sequences. Under certain
assumptions and lowered data rates, these
"time-replay" covert channels generate output
sequences that are sufficiently similar to
normal sequences, allowing them to by-pass traffic
anomaly detection schemes that are based on
distribution analysis. Additionally, we illustrate
that time-replay channels can potentially survive
channel elimination schemes such as jammers and
network data pumps with lowered data rates. Thus,
we discuss two types of transformations on packet
inter-arrival times to increase the efficacy of
existing elimination schemes.
Bio
Carla E. Brodley is a professor in the Department
of Computer Science at Tufts University. She
received her PhD in computer science from the
University of Massachusetts, at Amherst in 1994.
From 1994-2004, she was on the faculty of the
School of Electrical Engineering at Purdue
University, West Lafayette, Indiana. Professor
Brodley's research interests include machine
learning, data mining and computer security.
She has worked in the areas of intrusion
detection, anomaly detection in networks, hardware
support for security, classifier formation,
unsupervised learning and applications of machine
learning to remote sensing, computer security,
digital libraries, astrophysics, chemistry
and content-based image retrieval of medical
images. She was a member of the 2004/2005
Defense Science Study Group. In 2001 she served as
program co-chair for the International Conference
on Machine Learning (ICML) and in 2004, she served
as the general chair for ICML. Currently she is an
associate editor of Computers and Security and the
Machine Learning Journal. She is a member of the
Computing Research Association's Committee on the
Status of Women in Computing Research (CRA-W).
- I Think I Voted: E-Voting vs. Democracy
- David L. Dill, Stanford University
4pm, Thursday, March 1, 2007, 380 Soda
Abstract
Touch-screen voting machines store records of cast votes in internal
memory, where the voter cannot check them. Because of our system of
secret ballots, once the voter leaves the polls there is no way anyone
can determine whether the vote captured was what the voter intended.
Why should voters trust these machines?
In January 2003, I drafted a "Resolution on Electronic Voting" stating
that every voting system should have a "voter verifiable audit trail,"
which is a permanent record of the vote that can be checked for
accuracy by the voter, and which is saved for a recount if it is
required. I posted the page with endorsements from many prominent
computer scientists. At that point, I became embroiled in a
nationwide battle for voting transparency that has continued now
for three years.
In this talk, I will discuss the basic principles and issues in
electronic voting.
Bio
David L. Dill is a Professor of Computer Science at Stanford
University, where he has been on the faculty since 1987. His primary
research interest is formal verification of systems, the goal of which
is to find design errors in systems, or prove that they are correct.
He has authored over 100 academic publications on this subject, and is
listed as a highly cited author by ISI. He is a Fellow of the
Institute of Electronic and Electrical Engineers (IEEE) and a Fellow
of the Association for Computing Machinery.
Prof. Dill is the author of the "Resolution on Electronic Voting",
which has been endorsed by many computer technologists as well as
political scientists, lawyers, and other individuals. He served on
the California Secretary of State's Ad Hoc Committee on Touch Screen
Voting, the DRE Citizen's Oversight Committee for Santa Clara County,
California, and the IEEE P1583 voting standards committee. He has
testified before the Carter-Baker Commission on Federal Election
Reform, the U.S. Senate Rules and Administration Committee, and the
U.S. Election Assistance Commission. He received the Electronic
Frontier Foundation's "Pioneer Award" in 2004 for his work on
electronic voting. He is the founder of VerifiedVoting.org and the
Verified Voting Foundation, non-profit organizations that champion
publicly verifiable elections in the United States, and
a member of the National Committee for Voting Integrity
(www.votingintegrity.org).
- Incorporating Privacy Values, Policies and Law in Information Systems
- Annie I. Antón, North Carolina State University
4pm, Thursday, March 8, 2007, 380 Soda
Abstract
Effective solutions for privacy protection are of interest to industry, government and society at large, but the challenge is to satisfy the often-conflicting requirements of all these stakeholders. Legislation (such as HIPAA, COPPA and GLBA) that constrains privacy and security practices within systems and organizations presents additional technical challenges. This talk will discuss mechanisms that enterprises can use to ensure that their systems are compliant with both the policies they articulate and law. Additionally, we will address the need to understand how to specify, deploy, communicate and enforce transparent privacy policies. Legislators and regulatory bodies need mechanisms to verify how privacy-related laws are actually enforced by enterprises in their software systems. To this end, we are developing compliance monitors to detect violation of stakeholder rights and obligations as expressed in law. Finally, end-users must be able to easily understand privacy policies and need effective, transparent and comprehensible online privacy-protection mechanisms -- we will discuss results of our most recent survey of 975 Internet users in which we compared various ways to represent privacy policies to online healthcare
Bio
Dr. Annie I. Antón is an Associate Professor of Software Engineering in the College of Engineering at the North Carolina State University. She is director of ThePrivacyPlace.Org (http://theprivacyplace.org), and co-director of the NC State Electronic Commerce Studio. Dr. Antón was awarded an NSF CAREER Award in 2000, named a CRA Digital Government Fellow in 2002, nominated and selected for the 2004-2005 IDA/DARPA Defense Science Study Group, and received the CSO (Chief Security Officer) Magazine "Woman of Influence in the Public Sector" award at the 2005 Executive Women's Forum. She is associate editor of IEEE Transactions on Software Engineering, the cognitive issues area editor for the Requirements Engineering Journal and a member of the International Board of Referees for Computers & Security. She is a member of the International Association of Privacy Professionals, a senior member of the IEEE as well as a member of the ACM U.S. Public Policy Executive Committee. Antón currently serves on several boards: the NSF CISE Advisory Council, the CRA Board of Directors, the Distinguished External Advisory Board for the TRUST Research Center at U.C. Berkeley, the CRA-W Board, and an Intel advisory board. She received her B.S., M.S. and Ph.D. in Computer Science in 1990, 1992, and 1997, respectively, from the College of Computing at the Georgia Institute of Technology in Atlanta. Her URL is: http://www.csc.ncsu.edu/faculty/anton.
- Unconditionally Secret Key Agreement using Public Discussion
- Amin Gohari, University of California, Berkeley
4pm, Thursday, March 15, 2007, 380 Soda
Abstract
In many environments requiring secret key generation, it is possible to provide external randomness to the agents. For example, sensor networks are often deployed in places where it is possible to beam randomness, e.g. from a satellite. Information theoretic security is the most stringent form of security. While once commonly considered infeasible in view of Shannon’s one time pad result, the recognition that externally provided randomness can be used to create information theoretically secure keys has led to a rethinking of this pessimistic viewpoint and to significant work over the last decade to develop protocols to extract high rate secret keys in such situations.
We study the fundamental problem in information-theoretic cryptography in which a group of agents together with an eavesdropper have access to possibly correlated random sources. We study the secret key rate of the parties (secret from eavesdropper). Our current results strictly improve the best known bounds on the secrecy capacity. The results further relate and improve several earlier results in this area which had been studied separately.
Bio
Amin Aminzadeh Gohari is a graduate student at the University of California, Berkeley, working under the supervision of Professor Venkat Anantharam.
- Vulnerabilities in First-Generation RFID-enabled Credit Cards
- Kevin Fu, University of Massachusetts, Amherst
4pm, Thursday, March 22, 2007, 380 Soda
Presentation
Abstract
RFID technology appears in a huge array of products ranging from clothing and airport luggage to subway tickets and credit cards. This talk will examine recent privacy and security vulnerabilities discovered in RFID-enabled credit cards. An estimated 20 million RFID-enabled credit cards are already in circulation in the United States. Using samples from a variety of RFID-enabled credit cards, our study observes that the cardholder's name and often credit card number and expiration are leaked in plaintext to unauthenticated readers; our homemade device costing around $150 effectively clones one type of skimmed cards, thus providing a proof-of-concept implementation for the RF replay attack; information revealed by the RFID transmission cross-contaminates the security of RFID and non-RFID payment contexts; and RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.
Bio
Kevin Fu is an assistant professor in the Department of Computer
Science at the University of Massachusetts Amherst, and is the
coordinator of the RFID Consortium on Security and Privacy (RFID
CUSP). His research interests in secure computer systems include
secure storage, RFID security, file systems, Web security, and
cryptography. Kevin's contributions include key regression for
efficient decentralized access control of storage; the SFS read-only
file system for fast integrity-protected content distribution; proxy
re-encryption file systems for managing distributed access control;
and the security analysis of RFID-enabled credit cards, Web
authentication, and software updates. Kevin received his M.Eng. and
Ph.D. in Electrical Engineering and Computer Science at the
Massachusetts Institute of Technology in 1999 and 2005 respectively,
and his S.B. in Computer Science and Engineering from MIT in 1998. He
has served on numerous program committees of prestigious conferences
including the IEEE Symposium on Security & Privacy, the Network and
Distributed Systems Security Symposium (NDSS), and the USENIX Security
Symposium. His research has appeared in The New York Times and The
Wall Street Journal. Kevin also holds a certificate of achievement in
artisanal bread making from the French Culinary Institute.
- Selling Security to Software Developers: Lessons Learned While Building a Static Analysis Tool
- Brian Chess, Fortify Software
4pm, Thursday, April 12, 2007, 380 Soda
Slides
Abstract
Over the past ten years, static analysis has undergone a rebirth in both the
academic and the commercial world. At the same time, security has become a
critical topic for software makers. At the confluence of these trends is a
new crop of static analysis tools that identify software security bugs in
source code.
This talk covers what I have learned during the process of creating and
selling a commercial static analysis product. Some of the lessons about
static analysis are intuitive (better analysis results lead to better
sales), while some are not (when a customer says "false positive" what they
mean is "result I do not like"). In addition to relating my experience with
static analysis, I will take a look at the differences between software
security as addressed in the academic community and as practiced by software
developers in the "real world."
Bio
Brian Chess is Chief Scientist at Fortify Software. His work focuses on
practical methods for creating secure systems. Brian draws on his previous
research in integrated circuit test and verification to find new ways to
uncover security issues before they become security disasters.
Brian received his Ph.D. in computer engineering from the University of
California at Santa Cruz, where he studied the application of static
analysis to the problem of finding security-relevant defects in source code.
Prior to joining Fortify, Brian spent a decade in Silicon Valley working at
both big and small companies and thinking about both software and hardware
problems. Small companies and software problems came out on top.
- Elections and Computers: A Match Made ... Somewhere?
- Matt Bishop, University of California, Davis
4pm, Thursday, April 19, 2007, 380 Soda
Slides
Abstract
Electronic voting systems are becoming ubiquitous. Introduced originally to reduce problems of interpreting marked ballots, electronic voting systems have created new problems as well as solved old ones. This talk will discuss the role of electronic voting systems in elections, examine the problems and benefits of the systems, and discuss the nature and role of the Federal and state standards for these systems.
Bio
Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He is on the faculty at the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He is active in information assurance education, and is a charter member of the Colloquium on Information Systems Security Education. He has been active in the area of UNIX security since 1979, and has presented tutorials at SANS, USENIX, and other conferences. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.
- Know Thyself: Monitoring Your Network for Fun and Prophet[sic]
- John McHugh, Dalhousie University, Canada
4pm, Thursday, May 3, 2007, 380 Soda
Slides
Abstract
Routine acquisition and aggregation of network data offers an
opportunity to understand some of the forces that drive the
internet. It also offers an opportunity to detect and understand a
variety of phenomena that are related to overtly questionable or
malicious activities on the part of network users and abusers. Carried
out on a smaller scale, it offers an opportunity to perform passive
monitoring on the activities on your own network, including the
detection of spyware and other forms of compromise. By monitoring the
unoccupied portions of an organization's address space, scanning and
other activities that are often precursors to attacks can be identified.
In this talk, I will summarize a variety of large and small scale
observations that have resulted from such monitoring activities. Key
to this work is the choice of suitable abstractions for the
representation of both data and analysis results. The talk will also
consider some of the issues associated with the management of the
quantities of the data involved as well as techniques for analyzing
the data and presenting the analysis results. These techniques aid
system managers in better understanding the activities that routinely
occur on their networks and provide a baseline against which changes
in behavior, whether benign or malicious, can be evaluated.
Bio
John McHugh is a professor and Canada Research Chair in Privacy and
Security at Dalhousie University in Halifax, NS where he also directs
the Privacy and Security Laboratory. Before joining the faculty at
Dalhousie, he was a senior member of the technical staff at the CERT
Coordination Center, part of the Software Engineering Institute at
Carnegie Mellon University where he did research in survivability,
network security, and intrusion detection. He was also affiliated with
CyLab and the Center for Wireless and Broadband Research, both part of
the Department of Electrical and Computer Engineering at CMU.
Prior to joining CERT, Dr. McHugh was a professor and chairman of the
Computer Science Department at Portland State University in Portland,
Oregon where he held a Tektronix Professorship. He has been a member
of the research faculty at the University of North Carolina and has
taught at UNC and at Duke University. For a number of years,
Dr. McHugh was a Vice President of Computational Logic, Inc., a
contract research company formed to further the application of formal
methods of software design and analysis in support of security and
safety critical systems. While at CLI, he developed tools for the
analysis of covert channels in multilevel secure systems and worked on
the problems associated with the efficient implementation of formally
specified systems. He has also worked for the Research Triangle
Institute, the Naval Research Laboratory, the National Oceanic and
Atmospheric Administration, the University of Minnesota, and the
U.S. Patent Office.
Dr. McHugh received his PhD degree in computer science from the
University of Texas at Austin. He has a MS degree in computer science
from the University of Maryland, and a BS degree in physics from Duke
University. He is the author of numerous technical papers and
reports. He has served as the chair of the IEEE Computer Society's
Technical Committee on Security and Privacy and is a member of the
advisory board for the International Journal of Information Security.
He serves on the program or advisory committees of many of the major
conferences and workshops in the computer security field.
- Where's Waldo's Computer?
- Emin Gun Sirer, Cornell University
4pm, Thursday, May 10, 2007, 380 Soda
Abstract
Determining the location of nodes in a network is a basic building block
operation that enables many interesting, location-aware applications. In
this talk, I will describe efficient and effective localization
techniques we have developed for wired and wireless networks. I'll first
describe how to efficiently determine the location of nodes in a
wireless network without having to use expensive and energy-consuming
specialized hardware such as GPS receivers. The key to our approach is
to cast the localization problem as a constraint system, extract
constraints aggressively from the MAC layer, and solve the system with
the aid of a few landmarks. I'll then describe how to efficiently
resolve relative geographic queries, of the form "where is the node with
the lowest latency to CNN?", in wide area networks. The key to our
approach is to build a specialized overlay where every node has
authoritative information for the nodes in its vicinity and just enough
information for nodes farther away. Finally, I'll describe how to
determine the physical location of an Internet host based solely on
network measurements, by combining the two techniques. All three systems
have been deployed in the real world, and I'll report results from these
deployments.
Bio
Gun Sirer is an assistant professor in the Computer Science Department at Cornell University. He works on self-organizing systems, which span operating systems, networking and distributed systems. Much of his research emphasizes building systems based on principled reasons for their correct functioning. His current projects involve peer-to-peer systems, systems support for ad hoc networks, and operating systems.
- Insanity Rules: The Growing Cybersecurity Crisis
- Gene Spafford, Purdue University
4pm, Thursday, May 17, 2007, 380 Soda
Abstract
For a number of years now, IT sector companies seem to have been taking
cyber security quite seriously. Software vendors maintain websites devoted
to the security of their products and release vulnerability warnings and
patches. PC manufacturers supply antivirus and personal firewall software
with their computers. Most police forces around the world have units
fighting cyber crime. Yet, despite all these efforts, internet crimes
and malicious behavior show no sign of abating. The flow of unsolicited
emails is stronger than ever. Why is this so? What is the real state of
cyber crime and cyber security, and what can be done to improve the current
situation? These and other questions will be examined by Prof.
Spafford in his talk.
Bio
Eugene H. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security, cybercrime and policy to a number of major companies, law enforcement organizations, and government agencies, including Microsoft, Intel, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Energy, and two Presidents of the United States.
Dr. Eugene Spafford is a professor with a joint appointment in Computer Sciences and Electrical and Computer Engineering at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy) and a professor of Communication (courtesy). He is the Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS).
As of 2007, Dr. Spafford is also an Adjunct Professor of Computer Sciences at the University of Texas at San Antonio, and is Executive Director of the Advisory Board of the new Institute for Information Assurance there.
Details about how the seminar is managed can be found at
How is the TRUST Seminar managed?
Other Seminars