CyLab Student Seminar (CSS)
Everyone is encouraged (required? expected?) to
present their ongoing work to the group. Email Jon McCune (jonmccune
AT cmu.edu) with title and abstract if you want
control over the date on which you present. Two presenters per meeting.
All CSS meetings are at noon on Tuesdays and
include lunch. We have CIC 2101 reserved but
suits and checkbooks have the power to preempt us.
-
Oct 2, 2007 CIC 2101
Dan Wendlandt. Improving SSH security by addressing Leap-of-Faith authentication.
-
Oct 9, 2007 CIC 2101
Bryan Parno. Preventing large-scale leaks of data (e.g., 60,000
social security numbers).
James Hendricks. Low-Overhead Byzantine Fault-Tolerant Storage.
-
Oct 16, 2007 CIC 2101
Dilsun Kaynar. Task-PIOA Framework for Analyzing Security
Protocols: An Overview.
Abstract: I will give an overview of a modeling and analysis
framework for cryptographic protocols based on probabilistic I/O
automata. I will use an Oblivious Transfer protocol as an example to
illustrate the main features of this framework. The talk is based on
joint work with Ran Canetti, Ling Cheung, Moses Liskov, Nancy Lynch,
Olivier Pereira, and Roberto Segala.
Jon McCune. Minimal TCB User I/O.
Abstract:
This talk will cover two aspects of our ongoing work on minimal TCB
code execution: linking a machine's electronic identity with its
physical identity, and architecting a practical user I/O system so
that applications without a clear client-server model can benefit.
-
Oct 23, 2007 Room change **** CIC 1301 **** Room change
Ahren Studer. Location-based access control.
Abstract: It is a recognized fact that the majority of laptop users
do not consider security their first priority. Only after losing the
device do users think of security and exposure of data. Prior works
have proposed access control mechanisms which could prevent data
breaches. However, the average user continues to regard security
measures as needless and cumbersome (often turning them off or
rendering them ineffective).
In this work, we propose an approach to access control which
leverages users' trust in a location to provide a zero overhead
authentication mechanism. We observe that users trust certain
locations more than others (e.g., the office vs. the coffee shop)
and only access sensitive files while in a trusted location. Our
mechanism protects the sensitive files such that a user gains
automatic access to the files while in the trusted location, but
must authenticate him/herself when outside of the trusted
location. All that we require is that the user identifies what are
sensitive files and what is a trusted location. This helps protect
sensitive data that falls into the wrong hands while expecting very
little of the user.
-
Oct 30, 2007 CIC 2101
Sasha Romanosky. Do data breach disclosure laws reduce
identity theft?
Abstract: Consumer identity theft resulted in losses of around $50
billion in 2006 with close to 30% of these losses
originating from corporate data breaches. Data breach disclosure
laws are possible solutions to these losses, yet their full effects
have yet to be empirically studied. We use fixed effects regression
and difference-in-difference estimation to measure the effects of US
state data breach disclosure laws on identity theft over the years
2002 to 2006. We find that the laws have a statistically significant
effect only in certain circumstances. However, overall, we find no
strong evidence that these laws reduce identity theft.
TBD.
-
Nov 6, 2007 CIC 2101
Yoshihiro Shin. Ph.D., CyLab Japan. Tracking-Aware Access
Control based on Consensual Disclosure
Abstract: Access control for ubiquitous computing is required to be
seamless and transparent. However, a naive implementation of such
access control may cause serious problems of privacy invasion. In
this presentation, we will focus on the importance of tracking-aware
access control based on "consensual disclosure": unless a
user gives explicit consent, unconditional, provable and
verifiable untrackability should be guaranteed. I will present
cryptographic schemes and protocols to realize the above concept.
Also, it will be shown that the schemes are provably secure and more
efficient than the known untrackable signature schemes (i.e. group
signature schemes), and I will briefly describe the prototype
system of the proposed protocols.
-
Nov 13, 2007 CIC 2101
Jim Newsome. Influence: A Unified Approach for Quantitative Taint Analysis and
Information Flow Analysis
Abstract: A number of systems employ taint analysis to detect
overwrite attacks in software. These systems are based on the
premise that data derived from untrusted sources should not be used
in certain ways, such as as function pointers or as return
addresses. Unfortunately, there are several programming constructs
that can cause false positives and false negatives in taint
analysis, which are currently handled by manual annotation, ad-hoc
rules, or not at all.
In this work we propose a quantitative measure of the taint
attribute, which we call influence. We show that the
influence measure gives correct results in the cases known to be
problematic for taint analysis. We also formalize the relationship
between taint analysis and information flow by showing that
influence is exactly equal to the maximum information flow (channel
capacity) from the tracked input to the value in question. We
propose and implement a technique for measuring influence (channel
capacity) in binary programs. Compared to previous work in
quantitative information flow, which uses transfer functions to
over-approximate information flow, we employ an end-to-end analysis
that is able to calculate a sound lower bound. We show that
influence, and our influence measurement techniques, are useful and
practical for real-world code constructs and programs.
-
Nov 20, 2007 CIC 2101
Serge Egelman. Cancelled.
-
Nov 27, 2007 Room change **** CIC 1301 **** Room change
Serge Egelman. You've Been Warned: An Empirical Study of the
Effectiveness of Web Browser Phishing Warnings
Abstract: Many popular web browsers are now including active
phishing warnings after previous research has shown that passive
warnings are often ignored. In this laboratory study we examine the
effectiveness of these warnings and examine if, how, and why they
fail users. We simulated a spear phishing attack to expose users to
browser warnings. We found that 97% of our sixty participants fell
for at least one of the phishing messages that we sent them.
However, we also found that when presented with the active warnings,
79% of participants heeded them, which was not the case for the
passive warning that we tested---where only one participant heeded
the warnings. Using a model from the warning sciences we analyzed
how users perceive warning messages and offer suggestions for
creating more effective warning messages within the phishing
context.
-
Dec 4, 2007 CIC 2101
Janice Tsai. The Effect of Online Privacy Information on
Purchasing Behavior: An Experimental Study
Abstract: While most people claim to be very concerned about their
privacy, they do not consistently take actions to protect it. Web
retailers detail their information practices in their privacy
policies, but most of the time this information remains invisible to
consumers. This paper reports on research undertaken to determine
whether a more prominent display of privacy information will cause
consumers to incorporate privacy considerations into their online
purchasing decisions. We designed an experiment in which a shopping
search engine interface, Privacy Finder, clearly displays privacy
policy information provided by retailers in a machine-readable
format. Our research shows that providing accessible privacy
information reduces the information asymmetry gap between merchants
and consumers. This reduction tends to lead consumers to purchase
from online retailers who better protect their
privacy. Additionally, our study indicates that once privacy
information is made more salient, some consumers are willing to pay
a premium to purchase from more privacy protective websites.
-
Dec 11, 2007 CIC 2101
Shobha Venkataraman. Traffic Analysis for Network Security
using Learning Theory and Streaming Algorithms
Abstract: There has been much interest in using machine learning and
data mining algorithms to automatically identify unusual patterns of
network traffic, and thus identify attacks and anomalies. However,
traffic analysis for network security has many fundamental
challenges that are not present in typical machine learning
problems, and just a direct application of machine learning
algorithms may not address them adequately. For example, many
standard machine learning algorithms may not scale to the volume and
diversity of network traffic, or perform well in the presence of a
malicious adversary who aims to evade detection. It is, therefore,
necessary to design algorithms that meet these challenges, and
provide formal guarantees on how well they have been met by the
algorithms and the extent to which they can be met by any algorithm.
In this thesis, we consider four problems in network security with
these challenges, and we use tools from computational learning
theory and streaming algorithm design to address them. In each
problem, the differences between malicious and normal traffic are
characterized by specific structure in traffic distributions:
temporal structure, structure in content, structure in communication
patterns of hosts and network structure given by host IP addresses.
We present both efficient algorithms and fundamental lower bounds
for these problems.
(1) In the stepping-stones problem, we use the temporal structure of
the traffic -- in particular, the inter-packet timing delays -- to
design algorithms for accurate detection. We also provide lower
bounds that show when an adversary could evade any detection
mechanism that uses only packet-timing information.
(2) Pattern-extraction techniques for automatic signature generation
identify packets that are likely to be exploits, through their
unusual content structure. We present lower bounds showing how, in
an adversarial setting, any pattern-extraction algorithm for
generating signatures could be evaded.
(3) We present efficient streaming algorithms to identify
superspreaders, which are sources that contact many distinct
destinations in a short time period. Through theoretical guarantees
and experimental results, we demonstrate that our algorithms can
accurately and efficiently detect superspreaders.
(4) Finally, we explore how to dynamically identify and track
regions of the IP space that originate malicious traffic. First, we
focus on spam traffic, and explore whether the history and structure
of IP addresses could be used to distinguish spammers from senders
of legitimate mail. In ongoing work, we design online algorithms
that, in low space, can provide a near-optimal prediction of which
IP addresses send malicious and normal traffic.
The group is semi-formal, in that one person begins by
presenting their ongoing work (if it is accepted for publication, it
is too polished; we like the rough stuff). Meetings are considered to
be a success when discussion takes over and the presentation does not
proceed as planned. The main point of CSS is to stay abreast of what
our local peers are up to while helping them to refine and improve
their work.
We encourage researchers of all abilities to attend, from undergrads
to faculty. We encourage people to ask questions, even those that may
seem "stupid", as they often lead to interesting discussions and
insights. Example discussion and questions may include:
We maintain an Andrew mailing list called "cylab-student-seminar". You can
subscribe/unsubscribe/view archives via the CSS mailman site.
The email address is cylab-student-seminar@lists.andrew.cmu.edu. E-mail to the list
and archives is restricted to CMU accounts.
Nothing here yet. The plan is to migrate old
semesters down here once a semester has elapsed.
This page is maintained in Adrian's SECMU
group website SVN repository on sparrow.ece.cmu.edu. Please see Adrian
if you want ACLs to update the page. Thanks to David Brumley as this
HTML was stolen from his CSD SRG page. -Jon McCune