CS 7936 — Computer Security & Privacy Seminar, Fall 2016


Wednesdays, 12:00–1:00 PM, 3485/3490 MEB (Flux / NE Conference Room)

Navigation Links: Schedule | Overview | Credit | Reading and Presenting

Past offerings: Spring 2016 | Fall 2015 | Spring 2015

Date Presenter Topic
12/7 Kent Seamons
TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication
More info Abstract:
In this talk, I will describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. We will discuss the design and evaluation of a prototype implementation of TrustBase on Linux. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.

Bio:
Dr. Kent Seamons is the Director of the Internet Security Research Lab in the Computer Science Department at BYU. His research interests are in usable security, privacy, authentication, end-to-end encryption, identity management, and trust management. He has published over 65 peer-reviewed papers that have been cited over 4,500 times. Dr. Seamons has been awarded over $5 million in funding from NSF, DHS, DARPA, and industry. He is also a co-inventor on four patents in the areas of automated trust negotiation, single sign-on, and security overlays.
11/30 Sean McKenna
Understanding the Context of Network Traffic Alerts (Cappers and Wijk)
More info Abstract:
For the protection of critical infrastructures against complex virus
attacks, automated network traffic analysis and deep packet inspection
are unavoidable. However, even with the use of network intrusion
detection systems, the number of alerts is still too large to
analyze manually. In addition, the discovery of domain-specific
multi stage viruses (e.g., Advanced Persistent Threats) are typically
not captured by a single alert. The result is that security experts are
overloaded with low-level technical alerts where they must look for
the presence of an APT. In this paper we propose an alert-oriented
visual analytics approach for the exploration of network traffic content
in multiple contexts. In our approach CoNTA (Contextual analysis
of Network Traffic Alerts), experts are supported to discover
threats in large alert collections through interactive exploration using
selections and attributes of interest. Tight integration between
machine learning and visualization enables experts to quickly drill
down into the alert collection and report false alerts back to the intrusion
detection system. Finally, we show the effectiveness of the
approach by applying it on real world and artificial data sets.
11/23 Michael McConville
Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 (Lerner et al)
More info Abstract:
Though web tracking and its privacy implications have received much
attention in recent years, that attention has come relatively recently
in the history of the web and lacks full historical context. In this
paper, we present longitudinal measurements of third-party web tracking
behaviors from 1996 to present (2016). Our tool, TrackingExcavator,
leverages a key insight: that the Internet Archive’s Wayback Machine
opens the possibility for a retrospective analysis of tracking over
time. We contribute an evaluation of the Wayback Machine’s view of past
third-party requests, which we find is imperfect—we evaluate its
limitations and unearth lessons and strategies for overcoming them.
Applying these strategies in our measurements, we discover (among other
findings) that third-party tracking on the web has increased in
prevalence and complexity since the first third-party tracker that we
observe in 1996, and we see the spread of the most popular trackers to
an increasing percentage of the most popular sites on the web. We argue
that an understanding of the ecosystem’s historical trends—which we
provide for the first time at this scale in our work—is important to any
technical and policy discussions surrounding tracking.
11/16 Zirak Zaheer
A descriptive study of Microsoft's threat modeling technique (Scandariato et al)
More info Abstract:
Microsoft's STRIDE is a popular threat modeling technique commonly used to discover the security weaknesses of a software system. In turn, discovered weaknesses are a major driver for incepting security requirements. Despite its successful adoption, to date no empirical study has been carried out to quantify the cost and effectiveness of STRIDE. The contribution of this paper is the evaluation of STRIDE via a descriptive study that involved 57 students in their last master year in computer science. The study addresses three research questions. First, it assesses how many valid threats per hour are produced on average. Second, it evaluates the correctness of the analysis results by looking at the average number of false positives, i.e., the incorrect threats. Finally, it determines the completeness of the analysis results by looking at the average number of false negatives, i.e., the overlooked threats.
11/2 Sahar Mehrpour
Is This Thing On? Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms (Egelman et al)
More info Abstract:
We are approaching an environment where ubiquitous computing
devices will constantly accept input via audio and
video channels: kiosks that determine demographic information
of passersby, gesture controlled home entertainment
systems and audio controlled wearable devices are just a few
examples. To enforce the principle of least privilege, recent
proposals have suggested technical approaches to limit thirdparty
applications to receiving only the data they need, rather
than entire audio or video streams. For users to make informed
privacy decisions, applications will still need to communicate
what data they are accessing and indicators will
be needed to communicate this information. We performed
several crowdsourcing experiments to examine how potential
users might conceptualize and understand privacy indicators
on ubiquitous sensing platforms.
10/26 Adam Conkey
Adversarial Machine Learning (Huang et al)
More info Abstract:
In this paper (expanded from an invited talk at AISEC
2010), we discuss an emerging field of study: adversarial machine
learning—the study of effective machine learning techniques
against an adversarial opponent. In this paper, we:
give a taxonomy for classifying attacks against online machine
learning algorithms; discuss application-specific factors
that limit an adversary’s capabilities; introduce two
models for modeling an adversary’s capabilities; explore the
limits of an adversary’s knowledge about the algorithm, feature
space, training, and input data; explore vulnerabilities
in machine learning algorithms; discuss countermeasures
against attacks; introduce the evasion challenge; and discuss
privacy-preserving learning techniques.
10/19 Ayla Khan
ASIDE: IDE support for web application security (Xie et al)
More info Abstract:
Many of today's application security vulnerabilities are introduced by software developers writing insecure code. This may be due to either a lack of understanding of secure programming practices, and/or developers' lapses of attention on security. Much work on software security has focused on detecting software vulnerabilities through automated analysis techniques. While they are effective, we believe they are not sufficient. We propose to increase developer awareness and promote practice of secure programming by interactively reminding programmers of secure programming practices inside Integrated Development Environments (IDEs). We have implemented a proof-of-concept plugin for Eclipse and Java. Initial evaluation results show that this approach can detect and address common web application vulnerabilities and can serve as an effective aid for programmers. Our approach can also effectively complement existing software security best practices and significantly increase developer productivity.
9/21 Chad Brubaker
[NOTE: Room change] Chad Brubaker Q&A (Android platform hardening)
More info Why should I talk to Chad / what should I talk about with Chad?

A. He works in the Android Security group at Google, concentrating on
hardening the OS.

B. nogotofail - a tool that lets you test your network traffic for
TLS/SSL vulnerabilities and misconfigurations via client and/or a VPN
(http://googleonlinesecurity.blogspot.com/2014/11/introducing-nogotofaila-network-traffic.html)

C. "there is also the Android Network Security Config I made for
Android N (http://developer.android.com/preview/features/security-config.html),
its the tock to the tick-tock of the "find and understand
issues"/"kill root cause of issues" that nogotofail started and allows
for developers to do all the customization that we saw people trying
to do but in a way that's hard to get wrong and safe."

D. Using Frankencerts for Automated Adversarial Testing of Certificate
Validation in SSL/TLS Implementations

Modern network security rests on the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols. Distributed systems, mobile
and desktop applications, embedded devices, and all of secure Web rely
on SSL/TLS for protection against network attacks. This protection
critically depends on whether SSL/TLS clients correctly validate X.509
certificates presented by servers during the SSL/TLS handshake
protocol. We design, implement, and apply the first methodology for
large-scale testing of certificate validation logic in SSL/TLS
implementations. Our first ingredient is "frankencerts," synthetic
certificates that are randomly mutated from parts of real certificates
and thus include unusual combinations of extensions and constraints.
Our second ingredient is differential testing: if one SSL/TLS
implementation accepts a certificate while another rejects the same
certificate, we use the discrepancy as an oracle for finding flaws in
individual implementations. Differential testing with frankencerts
uncovered 208 discrepancies between popular SSL/TLS implementations
such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc. Many
of them are caused by serious security vulnerabilities. For example,
any server with a valid X.509 version1 certificate can act as a rogue
certificate authority and issue fake certificates for any domain,
enabling man-in-the-middle attacks against MatrixSSL and GnuTLS.
Several implementations also accept certificate authorities created by
unauthorized issuers, as well as certificates not intended for server
authentication. We also found serious vulnerabilities in how users are
warned about certificate validation errors. When presented with an
expired, self-signed certificate, NSS, Safari, and Chrome (on Linux)
report that the certificate has expired - a low-risk, often ignored
error - but not that the connection is insecure against a
man-in-the-middle attack. These results demonstrate that automated
adversarial testing with frankencerts is a powerful methodology for
discovering security flaws in SSL/TLS implementations.
9/14 Zaheer
Successful Crowdfunding: The Effects of Founder and Project Factors
More info Abstract:
Crowdfunding has been regarded as a novel way of collecting money for innovators to launch products and services by opening their ideas in online. This funding approach is differentiated from a traditional fundraising alternative in terms of project evaluation and risk management. In this paper, we question the reason why some crowdfunding projects are more successful in the context of a pre-ordering model, also known as a reward-based crowdfunding. Data analysis results based on 704 Kickstarter projects showed that founder's prior experiences would influence successful fundraising. User comments and update efforts have positive effects on the increase of success rate. In addition, we examined that the amount of funding goal had negative association with fundraising success.
9/7 McConville
Practical and Effective Sandboxing for Non-root Users
More info Abstract:
MBOX is a lightweight sandboxing mechanism for nonroot users in commodity OSes. MBOX’s sandbox usage model executes a program in the sandbox and prevents the program from modifying the host filesystem by layering the sandbox filesystem on top of the host filesystem. At the end of program execution, the user can examine changes in the sandbox filesystem and selectively commit them back to the host filesystem. MBOX implements this by interposing on system calls and provides a variety of useful applications: installing system packages as a non-root user, running unknown binaries safely without network accesses, checkpointing the host filesystem instantly, and setting up a virtual development environment without special tools. Our performance evaluation shows that MBOX imposes CPU overheads of 0.1–45.2% for various workloads. In this paper, we present MBOX’s design, efficient techniques for interposing on system calls, our experience avoiding common system call interposition pitfalls, and MBOX’s performance evaluation.
8/31
8/24
NO SEMINAR
More info

Overview

The Fall 2016 offering of CS 7936 will focus on reading and discussing papers that are useful related work for the presenter's security and privacy research.

Class announcements are sent out on security-privacy@cs.utah.edu. You can subscribe at http://mailman.cs.utah.edu/mailman/listinfo/security-privacy.

Credit

Students may enroll for one (1) credit. Although the University lists the course as “variable credit,” the two- and three-credit options are not currently available.

Students enrolled in the seminar are expected to read the papers prior to the seminar. Additionally, students are expected to sign up to lead the discussion on one or more seminar meeting. Leading the disucssion means:

  1. Choosing the paper and sending it to tdenning@cs.utah.edu by 6PM Sunday before the seminar meeting;
  2. Preparing a 7-10 minute summary of the paper and its pertinent points;
  3. Familiarizing yourself enough with the paper to be able to answer questions that may come up;
  4. Preparing potential discussion points if the discussion needs prompting.

Reading and Presenting

It can be useful to look up the video of the presentation (if it was at USENIX, the video was recorded and is available online) and/or the slides (which may be available on the presenting author's page).

The following questions (some of which are pulled from Writing for Computer Science) can be useful to keep in mind when reading a paper (although not all questions will apply to all papers):