Fall 2009

December 9 - Tamper Evident Microprocessors

Adam Waksman, PhD student, Columbia University

Hardware security is critical because all higher level security (e.g., operating systems and other software) rely on secure hardware. Microprocessor designs today are more vulnerable to insider attacks than ever before due to increasing complexity, design team sizes, and use of third party components. In this talk, it will be shown that by employing practical, lightweight attack detectors within a microprocessor, it is possible to provide assurance against malicious logic embedded in microprocessor hardware.

This talk proposes a distributed net of dynamic checkers that detect RTL level backdoors in the design at runtime. The mechanism proposed leverages the fact that multiple components within a microprocessor (e.g., fetch, decode pipeline stages, etc.) must necessarily coordinate and communicate to execute instructions, and that any attack on a microprocessor must cause erroneous communications between microarchitectural subcomponents in a processor. A key aspect of this solution is that it is itself highly resilient to attack because it is distributed across all on-chip components.

December 2 - Identity Fails: Limits of Online Authentication

Cem Paya, Information Security Engineer, Google

This talk focuses on the problems with representing identity online faced by individuals, websites and commercial entities. For the most part, the current challenges are not a result of the limitations in existing protocols or quality of these protocols' implementations, but rather an artifact of how identity management systems were initially conceived. We will survey examples of the way these legacy effects constrain current systems designers. On the end-user front, we discuss why most users are stuck with using passwords, why identity federation faces slow adoption and why deploying two-factor authentication to consumers has proved difficult. Similarly, in looking at the way commercial entities such as websites and software publishers prove their identity to prospective users, we run into basic problems with the standard trust model rooted in certificate authorities. Standard implementations of SSL and code signing create economic incentives for lower assurance identities and higher risk of mistakes, exacerbated by a history of CA errors. Meanwhile, evidence from usable security research is mounting that the users these schemes are designed to protect remain indifferent to the solutions.

November 11 - Automated Document and Media Exploitation

Simson Garfinkel, Associate Professor, Naval Postgraduate School

This talk will present current research taking place in the field of Automated Document and Media Exploitation (ADOMEX) - a pursuit that broadly combines the tools of computer forensics with the techniques of artificial intelligence. The talk will present the result of two research projects, one which seeks to use data mining to determine ownership or agency of data carved from multi-user hard drives, and a second that seeks to broadly characterize the contents of a terabyte hard drive in less than two minutes. We will then discuss opportunities for increasing scientific rigor in the field of computer forensics, and present several corpora that we have made available for research.

November 4 - Usable Policy Template Authoring for Iterative Policy Refinement

Maritza Johnson, PhD student, Columbia University

Policies can be used to customize a wide range of system behavior. People need usable policy tools to create high- quality policies. Policy templates offer users a guide in creating intended policies; however, the existing methods for creating policy templates require dedicated programming expertise. We created a GUI-based prototype that enables users to create policy templates. We conducted an empirical user study with 20 participants who used the prototype to create templates to cover sets of policies that were presented in scenarios in the ecommerce and social networking domains. The participants successfully created the policy templates, and used three different strategies in their approach to the task. Based on the research, we propose three user roles for an iterative policy refinement process spanning policy authoring, policy template authoring, and attribute definition. Based on the results of the user study, we introduce the concept of smart attributes to further enhance the management and flexibility of templates.

October 14 - Security Issues in the Financial Services Industry

Andrew Sherman, IT Security Architecture, Credit Suisse

Financial Services is a diverse global industry, providing a wide array of services to a client base that ranges from individual depositors to large businesses and governments. The drivers for security in this industry include information confidentiality, transactional integrity, regulatory privacy, and reputational preservation. This talk will discuss several categories of current concern, including data confidentiality, fraud, phishing, and application security and the strategies, procedural and technical, that are used to mitigate the security risks.

October 7 - Stealing the Internet

Anton Kapela

Alex Pilosov and Anton Kapela presented a method for creating an Internet-Scale Man-In-The-Middle attack at the 08' "Defcon" security conference in Las Vegas. It's been roughly a year since the presentation, though not much has changed on the big-I Internet. This talk will provide a focused rehash of the method employed at Defcon, in addition to discussing a crude metaphorical model for why the vulnerability exists, which Anton has coined "consistent anisotropism." The presentation will conclude with cursory research into whether this class of vulnerability could affect other routing protocols (ospf, isis), hopefully encouraging further investigation and examination within the engineering and research community.

September 30 - Cybersecurity Through An Identity Management System

Elli Androulaki and Binh Vo, PhD students, Columbia University

Cybersecurity is a concern of growing importance as internet usage continues to spread into new areas. Strong authentication combined with accountability is a powerful measure towards individuals' protection against any type of identity theft. On the other hand, such strong identification raises privacy concerns. In this paper, we argue that authentication, accountability and privacy can be combined into a single, deployable identity management system which can be adopted to current citizenship database infrastructures. More specifically, we present the properties that such a system would need in order to meet the applications of current infrastructures, aid in general operations of day to day life, and take into consideration the privacy of individuals.

September 16 - Efficient Robust Private Set Intersection

Mariana Raykova, PhD student, Columbia University

Computing Set Intersection privately and efficiently between two mutually mistrusting parties is an important basic procedure in the area of private data mining. Assuring robustness, namely, coping with potentially arbitrarily misbehaving (i.e., malicious) parties, while retaining protocol efficiency (rather than employing costly generic techniques) is an open problem. In this work the first solution to this problem is presented.

Joint work with Dana Dachman-Soled, Tal Malkin, and Moti Yung