Everyone is encouraged (required? expected?) to present their ongoing work to the group. Email Ahren Studer (astuder AT cmu.edu) with title and abstract if you want control over the date on which you present. We have tried two presenters per meeting (Fall 2007) and found that we generally run short on time. Thus, one presenter per meeting.

Policy change: We will allow practice talks if the talk itself consumes less than 30 minutes of the session, so that we have the remaining time for discussion. However, work-in-progress receives higher priority than practice talks, and we are striving for at least half of our meetings to cover work-in-progress.

All CSS meetings are at noon on FRIDAYS (note the change from previous semesters!) and include lunch. We have CIC 2101 reserved but suits and checkbooks have the power to preempt us.

• Aug 28, 2009 CIC 2101
  Steve Sheng. A Policy Analysis of Phishing Countermeasures
  Abstract: Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. This thesis looks at the phishing problem holistically by examining various stakeholders and their countermeasures, and by surveying experts' opinions about the current and future threats and the kinds of countermeasures that should be put in place. It composed of four studies.
  In the first study, we conducted semi-structured interviews with 31 anti-phishing experts from academia, law enforcement, and industry. We surveyed experts' opinions about the current and future of phishing threats and the kind of countermeasures that should be put in place. Our analysis led to eight key findings and 18 recommendations to improve phishing countermeasures. In the second study, we study the effectiveness of popular phishing tools that are used by major web browsers. We used fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars. We found blacklists were ineffective when protecting users initially. The tools that uses heuristics to complement blacklists caught significantly more phish than blacklist-only tools with very low false positives. In the third study, we describe the design and evaluation of Anti-Phishing Phil, an online game that teaches users good habits to help them avoid phishing attacks. We used learning science principles to design and iteratively refine the game. We evaluated Anti-Phishing Phil through laboratory and real-world experiments. These experiments showed that people trained with Anti-Phishing Phil were much better at detecting phishing websites, and they retain knowledge after one week. In the fourth and final study, we study demographics and phishing susceptibility with a role play survey administered to 1033 users of Mechanical Turk.
• Sep 4, 2009 CIC 2101
  Eiji Hayashi. WebTicket: Web Account Management Using Printable Tokens
  Abstract: When using web services, users authenticate themselves by providing their user IDs and passwords. For security reasons, authentication system requires users to choose secure passwords, i.e., random sequences of characters, and to choose different passwords for different accounts. However, users have difficulties in memorizing many random sequences. Hence, users resort to choose easy, guessable passwords, and to reuse a password for multiple accounts. As a results, user authentication becomes less secure than it should be.
  In this talk, we will introduce a web account management system, "WebTicket", which uses printable tokens, "tickets", to authenticate users. On a "ticket", a two-dimensional barcode is printed. The barcode contains URL of a login form, user ID and encrypted password. When a user wants to login to their accounts using a ticket, the user just needs to click an icon on a browser toolbar, and show the barcode to a web camera connected to a computer. Then, a browser automatically open a web site and login to an account on behalf of the user.
  Through a user study consisting of 20 participants, we demonstrated that WebTicket could provide a reliable authentication, and that users perceived a login process using tickets easier and shorter than ones using passwords.
• Sep 11, 2009 CIC 2101
  Jon McCune. How to Have a Bad Career in Research/Academia
  
• Sep 18, 2009 CIC 2101
  Nataliia Bielova. Towards Practical Enforcement Theories
  Abstract: Runtime enforcement is a common mechanism for ensuring that program executions adhere to constraints specified by a security policy. It is based on two simple ideas: the enforcement mechanism should leave good executions without changes and make sure that the bad ones got amended. From the theory side, a number of papers (Schneider, Hamlen et al., Ligatti et al., Talhi et al.) provide the precise characterization of good executions that can be captured by a security policy and thus enforced by a specific mechanism. Unfortunately, those theories do not distinguish what happens when an execution is actually bad (the practical case). The theory only says that the outcome of enforcement mechanism should be “good” but not how far should the bad execution be changed. If we consider a real-life example of a drug dispensation process in a hospital the notion of security automata or even edit automata would stop all the requests by all doctors on all drugs and all dispensation protocols, as soon as a doctor forgot to insert the research protocol number. In this work we explore a set of policies called iterative properties that revises the notion of good traces in terms of repeated iterations. We start discussing how an enforcement mechanism can actually deal with bad executions (and not just only the good ones).
• Oct 9, 2009 CIC 2201
  Dilsun Kaynar. Towards Differential Privacy for Systems
  Abstract: Differential privacy is a promising approach to privacy-preserving data analysis. This work is motivated by statistical data sets that contain personal information about a large number of individuals, for example, census or health data. In such a scenario, a trusted party collects personal information from a representative sample with the goal of releasing statistics about the underlying population while simultaneously protecting the privacy of individuals by means of a sanitization mechanism. Differential privacy requires that the probability of producing an output, obtained by evaluating a sanitization function over the data set, should not change much irrespective of whether information about any particular individual is in the data set or not.
  Despite a relatively well-developed theory of differentially private functions and recent work on implementing database systems that aim to provide differential privacy, no formal model and associated proof technique exist for establishing differential privacy for such systems. Our work has the goal of bridging this gap.
  In this talk, I will introduce the original definition of differential privacy, show how we recast it in our formalism and extended it to make it applicable in the analysis of practical systems. Specifically, we extended the original definition to account for data sets changing over time. I will then present a proof technique that we developed to prove that a system modeled as a probabilistic automaton satisfies differential privacy. I will also talk about how we are continuing this work to lift our results that focus on stand-alone databases to the more general setting of distributed information sharing systems that contain databases as a component.
  This is joint work with Anupam Datta and Michael Tschantz.
• Oct 23, 2009 CIC 2201
  Kami Vaniea. Security and Privacy of Health Care Technologies
  
• Oct 30, 2009 CIC 2101
  Yuan Liang. Detection and Prediction of Misconfigurations in Access Control Policy
  This paper aims to improve the detection and prediction of misconfigurations that may lead to denials of legitimate accesses in access control policies. After introducing previous work of using association rule mining to detect misconfigurations, we discuss different methods to improve the performance, including clustering, negative information, subgoals. We then present the neighbor recommendation way of prediction integrated of these methods and analyze the experimental results. We compare the result with that of association rule mining and conclude that the new frame is simpler than association rule mining while can reach higher performance.
• Nov. 6 CIC 1301
  Quoc Tran. Hashing It Out In Public
  Anonymous overlay networks allow arbitrary Internet hosts to communicate while hiding their identity. Several schemes have been deployed, however they have limited scalability. There have been proposed schemes in the literature that are more scalable by using distributed hash tables. However, there are common design flaws that allow highly effective attacks against anonymity. I will outline how attacks on DHT routing lead to attacks on anonymous circuits due to the mismatch in security requirements.
• Nov. 13 CIC 2201
  Ghita Mezzour. Privacy-Preserving Path Discovery for Social Networks
  As social networks sites continue to proliferate and are being used for an increasing variety of purposes, the privacy risks raised by the full access of social networking sites over user data become uncomfortable. A decentralized social network would help alleviate this problem, but offering the functionalities of social networking sites is a distributed manner is a challenging problem. In this paper, we provide techniques to instantiate one of the core functionalities of social networks: discovery of paths between individuals. Our algorithm preserves the privacy of relationship information, and can operate offline during the path discovery phase. We simulate our algorithm on real social network topologies.
• Dec. 4 CIC 2101
  Michael Tschantz. A Semantics of Purpose
  

About CSS

The group is semi-formal, in that one person begins by presenting their ongoing work (if it is accepted for publication, it is too polished; we like the rough stuff). Meetings are considered to be a success when discussion takes over and the presentation does not proceed as planned. The main point of CSS is to stay abreast of what our local peers are up to while helping them to refine and improve their work.

We encourage researchers of all abilities to attend, from undergrads to faculty. We encourage people to ask questions, even those that may seem "stupid", as they often lead to interesting discussions and insights. Example discussion and questions may include:

• What exactly is the problem solved? Often it is hard to understand exactly what problem is really being solved by the solution. An intro may have very general statements about a very vague problem, while the solution has many assumptions built in.
• Do you buy the solution? Do you think in reality the solution won't work, is too expensive, etc..
• What improvements can be made?
• What paper/advancement would you expect to be made next in this area?

Mailing Lists

We maintain an Andrew mailing list called "cylab-student-seminar". You can subscribe/unsubscribe/view archives via the CSS mailman site.

The email address is cylab-student-seminar@lists.andrew.cmu.edu. E-mail to the list and archives is restricted to CMU accounts.

Archives

• Spring 2009
• Fall 2008
• Spring 2008
• Fall 2007