The first talk will be on: The Cyber Defense Technology Experimental
Research Network (DETER).

Suggested readings beforehand are:
1) Expeience with DETER: A Testbed for Security Rsearch (pdf)

2) An Integrated Experimental Environmentfor Distributed Systems and Networks (pdf)

The second talk will be on: 21st Century Project Management.

Suggested readings beforehand are:
1) Managing Emergent Work: Revisiting Jazz Lessons (pdf)

2) Radical Innovation without Collocation (pdf)

3) National Science Foundation Facility Plan (pdf)

Morning talk: “Wireless Sensing Systems: From ecosystems to human systems”, Deborah Estrin
Miniaturization and Moore’s law has enabled us to combine sensing, computation and wireless communication in integrated, low-power devices, and to embed networks of these devices in the physical world. By placing sensing devices up close to the physical phenomena we are now able to study details in space and time that were previously unobservable. Across a wide array of applications, the ability to observe physical processes with such high fidelity will allow domain experts to create models, make predictions, and manage critical resources. Looking back over the past few years we have made significant progress toward the vision of programmable, multi-modal, multi-scale, and multi-use observatories. We have made our greatest strides in these applications using multiscale data and models as context for the in situ measurements, and in network processing and mobility to achieve scalability (in terms of communication, energy, latency and coverage). We found that moving a sensor through a space is the only way to actually achieve dense sensing. And in network processing was needed because by processing data near the sensor source we not only make systems last longer (by conserving communication energy), but make the systems more reactive and interactive so other elements in the systems (including humans) can adapt to the varying physical observations of the system.

Please download these articles: Estrin Articel 1 and Estrin Article 2

Afternoon talk: "Participatory Urban Sensing", Deborah Estrin
We are applying embedded sensing to human as well as natural systems, in particular by exploring use of the installed base of image and acoustic sensors that we all carry around in our pockets or on our belts—mobile phones. We see these applications as going well beyond the intentional conversations and postings supported by sites such as Flikr and lifeblog to automated, programmable, and adaptive collection of both physical and social parameters at the personal and community level. There are important overlapping themes with environmental science applications, most critically the crucial importance of processing of data close to the source so as to address the varied but persistent needs of individuals to selective share these direct observations of their lives and spaces. Moreover, we see the continued importance of mobility to achieve coverage, and the challenge of verifiable location tagging in the context of mobility.

There are also two papers attached. RWS-Overview-Estrin-Final.pdf is general for the first talk, the 2nd, Mobiscope-Final.pdf is related to the 2nd talk.

1. Title: Biologically Based Approaches to Computer Security
Our software infrastructure confronts a situation increasingly similar to the challenges faced by living organisms in a biological ecosystem. Highly dynamic, complex, and hostile environments are placing new demands on our computational infrastructure. Biological design principles can potentially change the way we engineer, maintain, and evolve large dynamic software infrastructures. Examples of such principles include: adaptability, homeostasis, redundancy, and diversity.

The talk will illustrate how biological design principles are providing new insights and approaches in the field of computer security and privacy. The talk will describe results in intrusion detection, automated diversity and privacy-enhancing data representations.

2. Technological Networks: From Empirical Laws to Theory
Technological networks are essential to modern society, and the security of these networks depends in large part on their connectivity and dynamics. How do these properties scale with network size? Are there general principles underlying the growth and structure of technological networks? If such organizing principles exist, what do they tell us about security, efficiency, and stability as the networks grow? The talk explores these questions in the context of three example computational networks: Social networks on the Internet, the Border Gateway Protocol, and clock tree networks on computer chips.

A Personal Assistant System for Helping Elder People with Their Assisted Living

PAS: A Wireless-enabled Personal Assistance System for Independent Living
The aging of baby boomers is creating social and economic challenges. In the United States alone, the number of people over age 65 is expected to hit 70 million by 2030, doubling from 35 million in 2000. As the population ages there will be an increasing demand on health care resources, e.g., expenditures in the United States for health-care will grow to 15.9% of the GDP ($2.6 trillion) by 2010 (Digital 4Sight's Healthcare Industry Study). The ability of the current system to shift the burden of care to family members will become increasingly limited as a result of the decrease in birth rate and the increasing number of adults surviving to old age without living children. Innovative strategies will be needed to avoid the impending crisis.

Fortunately advances in sensing, event monitoring, wireless communications technologies make possible the unobtrusive supervision of basic needs of frail elderly and thereby replicate services of on-site health care providers and family members. Supported in part by National Science Foundation and Motorola Research, we have been in the process of designing, developing, and deploying a wireless-based software infrastructure, called Personal assistance system (PAS), with sensing, localization, monitoring, wireless communication, and event/data management that facilitates preservation of independence and quality of life of frail elderly. It is postulated that by providing real-time interaction between elderly people and remote care providers, PAS can delay their transfers to skilled nursing facilities and improve the quality of their lives (by preserving independence).

In this talk, we give an overview on how PAS exploits inexpensive, “off the shelf” technologies to assist elderly people to maintain the capability of independent living through time-based reminders of daily activities, non-intrusive monitoring of physiological functions and mobility profiles, and real-time communications with remote care providers and clinicians. In particular, we discuss how we establish in PAS a network of small, low-power devices that integrates sensors and bluetooth-enabled medical devices, how we equipped PAS with the capability of tracking in real-time (in addition to locating) humans and objects, and how we enhance the robustness and ubiquity of PAS by exploring use of cell phones as both the wireless modem and the local intelligence for data aggregation and acquisition. We also highlight the security, privacy, trust, reliability, and user-friendliness issues in the context of independent living. Finally, we present our findings in the pilot study carried out (in collaboration with Geriatricians at Washington University in Saint Louis) in Nazareth Living Center for Assisted Living, with respect to the effectiveness of PAS and the acceptance level of elder people towards the use of technologies.

Suggested readings beforehand are:
1) Personal Assistance System (pdf)

2) WISE PowerPoint Slides (ppt)

As new technologies are adopted by federal and state governments, the process by which decisions regarding appropriateness are made and reviewed by members of the public as well as the research community are not always optimal. The recent adoption of the RF-enabled e-Passport by the US Department of State offers an object lesson in the risks to the public when technology is introduced without an adequate technical assessment of the risks and benefits. This case study highlights the need for academics and other technology experts to stay abreast of public policy developments and to participate in the process of shaping public policy.

Jenn's slides in PDF format.

Reading materials:
M. Meingast, J. King, and D. Mulligan. Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport. In Proceedings of IEEE International Conference on RFID, March 2007.
http://www.law.berkeley.edu/clinics/samuelson/projects_papers/Meingast_King_Mulligan_RFID_2007.pdf
Federal Register, Vol. 70, No. 33
http://www.law.berkeley.edu/clinics/samuelson/projects_papers/2005sp_electronic_passports_notice.pdf
Federal Register, Vol. 70, No. 205.
http://a257.g.akamaitech.net/7/257/2422/01jan20051800/edocket.access.gpo.gov/2005/pdf/05-21284.pdf

In Defense of Public Places: New Perspectives on Visual Privacy in the 21st Century

Worldwide demand for security cameras has expanded greatly since 9/11/2001 and the London transport bombings. Over the same period, consumer demand for high resolution digital and cell-phone cameras has increased markedly. Video applications are being incorporated into learning, healthcare, family and work environments. Engineers are responding with new generations of highly sophisticated chips, lenses, robotic platforms, and systems.
In a rapidly evolving environment of unblinking eyes, technologically perfected recollections, and permanent visual records, what will it mean to have privacy? How will the introduction of unblinking eyes alter how we experience and behave in public and private spaces?
Camera and video technology are changing who we watch, what we watch, when we are watched, and redefining the purposes for which we watch. From crime and terrorism focused networks of security cameras, to human rights workers and demonstration observers armed with video cameras, to the proliferation of camera and video phones used to capture and some times share the mundane and extraordinary images presented by daily life, to real-time video connections between family, employers and colleagues, technologies of watching are generating complex questions about both our rights to document and enhance our lived experiences and our rights to enjoy some aspects of privacy in public places. Video and still footage of events such as the NYC protests during the republican convention, the prisoner abuse at Abu Ghraib, images of the war remind us of the powerful tonic visual images can be - providing checks on the abuse and misuse of authority, forcing us to reckon with the consequences of monumental decisions and policy choices, and providing alternative versions of the "truth." But for some the use of visual imaging technology by individuals in public places evokes a different set of images-the "up-skirt photographer," the publication of intimate moments occurring in public places, the paparazzi-and concerns-privacy, exploitation, and voyeurism. State use of advanced camera networks to constantly monitor public space counterpoises our deep desire for safety and our commitment to a free and open society that demands some limits on state access to information about citizens' activities. Monitoring aging family members and domestic workers, and connecting educational and work environments raise complicated questions about the privacy of all those who pass through these visually wired environments. Across each dimension visual imaging technology is outpacing law and public policy, destabilizing norms and expectations of personal privacy, and redefining public spaces.
Surveillance and sousveillance (watching from underneath) are becoming ubiquitous: we are watched by the government, corporations, institutions, and private individuals. Individuals use cameras to record events, document experiences, and capture "the moment." Governments are deploying them as both a counter-terrorism and crime-fighting tool. Businesses both use and prohibit them -- finding them useful to protect property, but a threat to intellectual property. The increasingly powerful pan, scan and zoom features, infrared /night vision and video capabilities as well as new developments in miniaturization and the embedding of cameras in small multi-use consumer electronic devices, enable camera users to capture intimate moments and communication details. The potential to meld biometric and data-mining technology with vast networks of video cameras conjures simultaneous fears of constant supervision, secret or public judgment and hopes that such information can be used to make us safer, better informed, and more connected to each other.
As we willingly or unwillingly submit to these invasions, we turn cameras back at our watchers, and we sometimes actively choose to display our images: publicizing our private lives through web cameras, photo blogs and other technologies. Video technology will join voice communication and email as a means of maintaining connection between families, communities, and workplaces. In this constantly changing environment of unblinking eyes, technologically perfected recollections, and permanent records, what will it mean to have privacy? And how we will experience and behave in public spaces? What degree of visual scrutiny are we willing to undergo in public spaces? What degree of privacy - absence from watching, fading of memory, anonymity - does a civil society require? What barriers does the law erect to surveillance and sousveillance in public places? What is the effect of pervasive watching on speech, conflict, and relations between the governed and the government? How does pervasive watching entrench or alter experiences based on gender, class and race? Can pervasively watched spaces fulfill
their role as "public spaces?" How are current developments in and uses of technology challenging our norms and laws and how have policymakers responded?

Suggested readings beforehand are:
1) Testimony to PIAB (in PDF)
2) William Rehnquist, Is An Expanded Right of Privacy Consistent With Fair and Effective Law Enforcement? Or: Privacy You’ve Come a Long Way, Baby, 31 KAN. L. REV. 1, 23.
3) H. Nissenbaum, "Protecting Privacy in an Information Age: The Problem of Privacy in Public," (pdf) Law and Philosophy, 17: 559-596, 1998

Demand Response Energy Systems -- privacy, security, technology and policy

In the wake of the California energy crisis of 2000-2001, the California Energy Commission (CEC) and California Public Utilities Commission (CPUC) are aggressively pursuing “demand response” (DR) energy programs aimed at reducing peak energy demand. Demand response systems convey information about market conditions through pricing or reliability signals to customers, who in turn, hopefully, alter their electricity consumption choices. In particular DR programs are aimed at shifting the time at which customers use energy through the implementation of time-varying tariffs. Armed with information about the time-varying cost of electricity residential and commercial customers are expected to reduce energy usage and/or shift their usage to non-peak, less costly, hours. Such shifts, even absent reductions in overall consumption, will hopefully reduce the likelihood of energy brown and black outs and provide direct savings to consumers. Technologies to enable the demand response system, including advanced metering research and development [OpenAMI] and sensor and control technologies development [DRETD], are under development. These technologies will be coupled with acommunication and network infrastructure that supports the multicast of real-time pricing information, and the aggregation of energy usage and billing information.
A core component of the demand response system is the collection of information about energy consumption from residential and commercial buildings at frequent intervals. The analog electric meters prevalent today are unsophisticated instruments that allow a meter reader to assess electricity use during the time interval between meter readings. The meters found in basements and on exterior walls, are typically read once a month by an employee of the utility who visits on foot.

Over the next years these meters may be replaced by digital meters that collect data at frequent intervals, store it for many days, and transmit it wirelessly to the utility. Meters likely to be installed are expected to contain a data collection module that will enable hourly readings and wireless transmittal of these readings to the utilities. Advanced metering installations may be capable of greater internal processing and have enhanced data storage capability. These meters are expected to collect data on electricity consumption at intervals ranging from one hour down to fifteen minutes. There is little agreement on how often meter readings will be sent to the utility or the intermediate nodes (concentrators) within the neighborhood, and the period for which readings will be retained in the meter, the nodes or the utility. The meters will collect and send a data set including a unique meter identifier, timestamp, usage data and some form of time synchronization information. The data is expected to be in a proprietary format unique to the individual manufacturer or utility, although some participants are looking forward to the availability of open standards and architecture for meters.
The changes in the frequency, format, contents, storage and transmission of data about electricity consumption that are integral to the planned demand response infrastructure raise interesting questions about the ongoing viability of maintaining, as a technical, practical and legal matter, the privacy of activities occurring within the home. How will the system architecture and business models address the increased sensitivity of meter readings? For example, imagine a future “wardriving” incident where wardrivers detect and monitor the unencrypted traffic between household meters and neighborhood level concentrators that relay energy usage information to the utilities. Monitoring such communications could provide information about occupancy on a per house, block, or neighborhood level. Armed with such information a criminal could relatively easily assess the best time to burglarize homes or engage in other property crimes in a neighborhood. How will the business models of utilities evolve to take advantage of the more detailed information that can be gleaned from energy consumption data taken at fifteen-minute intervals? How will the increased information about in-home activities generated, transmitted and stored in DR systems be dealt with under the Fourth Amendment to the US Constitution?

Reading beforehand:
1) http://ciee.ucop.edu/dretd/documents/DR%20Security%20Final%20Report%20(DRAFT).pdf
OR http://tinyurl.com/y48r8x -- for short
2) http://stlr.stanford.edu/pdf/Mulligan-Lerner-abstract.pdf

Session 1: Towards Fingerpointing in Distributed Systems

This session will focus on multiple aspects of dependability in distributed systems, including those related to system adaptation and problem diagnosis. Distributed systems are increasingly growing larger and more complex, and becoming vulnerable to the propagation of failures due to the inherent coupling between components. Fingerpointing (i.e., root-cause analysis, problem determination or failure diagnosis) is especially challenging in these environments because the resulting fault-manifestations can travel, obscuring the root-cause of the problem and leading to potential red-herrings in diagnosis. This session will describe in detail some of our initial investigations and the lessons learned in fingerpointing the root-cause of a variety of problems in replicated distributed systems. Our current approach to diagnosing correlated performance problems combines node-level (local) anomaly detection with subsequent system-wide (global) fingerpointing. The session will also cover some of our work in failure prediction, as well as ongoing and future directions in our fingerpointing research.

Session 2: Assistive Embedded Technologies

This session will focus on multiple aspects of networked embedded-systems research. In particular, this session will focus on Trinetra, a project focused on developing assistive technologies through the integration of commercial off-the-shelf embedded systems. Equipped with a smartphone and a Bluetooth-enabled barcode scanning device, the initial Trinetra system provided blind people with an increased degree of independence in grocery shopping. This session will describe some of the principles underlying assistive technologies for the blind, through the lessons that we have learned in developing and deploying Trinetra. Also covered will be ongoing and future research directions with assistive technologies for the blind and other target demographics. This session will also highlight some of our related sensor-network research, particularly in the areas of embedded sensor middleware and secure code updates.

1-- Title: Towards an Automatic Immune System for Internet Health
Just as any living organism is constantly threatened by rapacious pathogens, the Internet is continuously threatened by cyber pathogens (e.g., Internet worms, botnets, spyware), which have caused billions of dollars of estimated annual financial losses. Just as any living organism needs a strong immune system to survive and be healthy, so does the Internet. My research group has devised various techniques (and systems) towards this goal. In this talk, I will give one such example---Sting, an automatic immune system against Internet worms. Sting can automatically and accurately detect new exploits even for previously unknown vulnerabilities, and generate effective anti-bodies (including signatures and hardened binaries) to protect vulnerable hosts and networks from further attacks; with proven properties, and all just within minutes or even seconds. I will then offer a glimpse of some of our other results in the area, including automatic dissection of malicious binaries to discover hidden behaviors and threats.
-------------------------------------------------------------------
2-- Title: Privacy-preserving search, set operations, and beyond
In this talk, I will describe our recent work on designing practical cryptographic primitives and security mechanisms to enable secure and privacy-preserving information aggregation and processing. As one example, I will talk about searching on encrypted data, in particular, how to enable keyword and range queries on encrypted data without revealing any other information about the content of the data. As another example, I will describe our new approach to enable private stream search, and as an application, a private version of the Google News Service, where users obtain news feeds that match their keyword queries from the servers without the servers knowing what keywords the user is searching for or which news articles actually match the user's query. Finally, I will describe our algorithm to enable privacy-preserving set operations, where only the result of the set operations will be revealed and no additional information about users' private input sets will be leaked. Set operations are among the most common primitives in database operations; our mechanism provides the first efficient privacy-preserving solution for a broad spectrum of different set operations and enables important applications in different areas such as medical system privacy and privacy in distributed network monitoring systems. I will conclude with future work and applications and some intriguing open problems.

Security and Privacy Issues in Sensor-based Remote Health Care System

Advances in medical monitor devices, sensors and wireless networking technology have made possible the development of medical sensor network which allows remote and in-home health care. Such medical sensor systems have tremendous potential to improve medical care by reducing costs and increasing life quality. However, to realize it's potential, many urgent technical issues arise, mainly due to the privacy nature associated with the medical information and its high fidelity and reliable transmission requirement. This talk discusses the system architectures, algorithms and network protocols that are able to provide high resilience quality-of-service-assured sensor-based health monitoring service that preserves sensitive patient information.