Department of Computer Science and Technology

Security Group

2008 seminars

Expand all Collapse all

View original pageView slides/notes

09 December 16:15Bayesian Inference and Traffic Analysis / Carmela Troncoso, Microsoft Research Cambridge/KU Leuven(COSIC)

Lecture Theatre 2, Computer Laboratory, William Gates Building

Traffic analysis attacks on anonymity networks were for long based on heuristics that allow an attacker to uncover communication partners under specific assumptions. However, slight changes in the model would render the methods useless. We present a general model for the analysis of mix networks which captures characteristics of anonymity systems subject to constraints while being able to accommodate most previously proposed attacks. Furthermore, we show how this model can be used to obtain the probabilities of who speaks with whom through the use of Bayesian Inference techniques and Markov Chain Monte Carlo simulations.

View original page

02 December 16:15Talking to strangers / Bruce Christianson, University of Hertfordshire

Lecture Theatre 2, Computer Laboratory, William Gates Building

Access Control is conventionally built on top of authentication. This approach is problematic when several different security policy domains are involved. Authenticating across domain boundaries requires contending with different policies (and mechanisms) for identity management, delegation and revocation of authorization, etc. Additional issues in pervasive computing include the lack of transitive infrastructure and the promiscuity of casual device interactions.

This talk will describe an approach to localizing the trust assumptions required for multi-domain access control in a pervasive environment. We place dual capabilities inside Identity-Based Encryption wrappers to force the authentication problems back inside each player's 'home' domain.

Security problems which arise from talking to the wrong strangers are usually addressed by attempting to ensure that we know to whom we are speaking. We argue that often it is preferable to know that we are talking to the correct stranger.

View original page

28 November 14:45Dynamics, robustness and fragility of trust / Dusko Pavlovic

Room FW11, Computer Laboratory, William Gates Building

I present a model of the process of trust building that suggests that trust is like money: the rich get richer. The proviso is that the cheaters do not wait for too long, on the average, with their deceit. The model explains the results of some recent empiric studies, pointing to a remarkable phenomenon of *adverse selection*: a greater percentage of unreliable or malicious web merchants are found among those with certain (most popular) types of trust certificates, then among those without. While some such findings can be attributed to a lack of diligence, and even to conflicts of interest in trust authorities, the model suggests that the public trust networks would remain attractive targets for spoofing even if trust authorities were perfectly diligent. If the time permits, I shall discuss some old and some new ways to decrease this vulnerability, and some problems for exploration.

View original page

27 November 14:00Economics of architectural change: resistance to distributed denial of service attacks / Mikko Särelä, NomadicLab, Ericsson

Lecture Theatre 1, Computer Laboratory, William Gates Building

The past years have seen many proposals for distributed denial of service resistant architecture in the Internet. Still, such technologies have, mostly, not been deployed and there are no functioning markets for resistance against such attacks. In this presentation, we study the Internet as a business network and draw lessons for technology design. The preliminary findings indicate that the deployment incentives arise from the edges, there is an asymmetry between incentives in the uphill path and downhill path, and finally that the technologies must provide reliable and enforceable way of filtering bad traffic.

View original page

21 November 16:00The robustness of CAPTCHAs / Jeff Yan, Newcastle University

Computer Laboratory, William Gates Building, Room FW11

No matter whether you like or hate it, CAPTCHA has found widespread application on numerous commercial web sites - it is now almost a standard security mechanism for defending against undesirable or malicious Internet bot programs.

This talk introduces our recent work on attacking numerous widely deployed CAPTCHAs. I will present new techniques of general value to attack a number of text CAPTCHAs, including the schemes designed and deployed by Microsoft, Yahoo and Google. In particular, the Microsoft CAPTCHA has been deployed since 2002 at many of their online services including Hotmail, MSN and Windows Live. Designed to be segmentation-resistant, this scheme has been studied and tuned by its designers over the years. However, our simple attack has achieved a segmentation success rate of higher than 90% against this scheme. It took on average ~80 ms for the attack to completely segment a challenge on an ordinary desktop computer. As a result, we estimate that this CAPTCHA could be instantly broken by a malicious bot with an overall (segmentation and then recognition) success rate of more than 60%. On the contrary, the design goal was that automated attacks should not achieve a success rate of
higher than 0.01%. For the first time, our work shows that CAPTCHAs that are carefully designed to be segmentation-resistant are vulnerable to novel but simple attacks.

Our experience suggests that CAPTCHA will go through the same process of evolutionary development as cryptography, digital watermarking and the like, with an iterative process in which successful attacks lead to the development of more robust systems.

View original pageView slides

11 November 16:15Is the Operating System the Right Place to Address Mobile Phone Security? / Craig Heath, Symbian

Lecture Theatre 2, Computer Laboratory, William Gates Building

* What we mean by a "secure" mobile phone
* What broad approaches are possible (or "who will trust whom to do what?")
* What measures can be taken by the operating system
* How effective those measures have been in practice
* Whether the "costs" of the security measures are fairly distributed
* How economic incentives can be adjusted for better advantage
* How operating system security can cooperate with other measures
* Followed by open discussion

View original page

04 November 16:15Improving Tor using a TCP-over-DTLS Tunnel / Joel Reardon, University of Waterloo

Lecture Theatre 2, Computer Laboratory, William Gates Building

The Tor network gives anonymity to Internet users by relaying their traffic through the world over a variety of routers. This incurs undesirable latency, and we explore where this latency occurs. Experiments discount transport latency and computational latency to determine there is a substantial component that is caused by
delay. We determine that congestion control is causing the delay.

Tor multiplexes multiple streams of data over a single TCP connection. This is not the proper use of TCP, and as such results in the improper application of
congestion control. We illustrate an example of this occurrence on a Tor node in the wild and also illustrate how packet dropping and reordering cause interference
between the multiplexed streams.

Our solution is to use a TCP-over-DTLS transport between routers, and give each stream of data its own TCP connection. We give our design for our proposal, and show
experiments evidence to illustrate that our proposal has in fact resolved the multiplexing issues discovered in our system performance analysis. The future work
gives a number of steps towards optimizing and improving our work.

View original page

29 October 14:15How to Protect your Data by Eliminating Trusted Storage Infrastructure / David Mazieres - Stanford University

Lecture Theatre 1, Computer Laboratory

Storage systems typically trust some amount of infrastructure to behave correctly--the network, a file server, a certificate authority.
Many interpret "protecting data" to mean building a security fence around this trusted infrastructure. Unfortunately, people frequently fail to build high enough fences. Moreover, even low fences inconvenience honest people by limiting the ways in which they can access, update, and manage data.

An alternative is to design systems that cope with compromised infrastructure. This talk will present a set of techniques that progressively chip away at the security requirements of ordinary network file systems--eliminating the need to trust the network, eliminating the need to rely on certificate authorities, eliminating the need to trust replicas of popular data, mitigating the effects of compromised clients and passwords.

Finally, I'll show how clients can detect attempts to tamper with data even after an attacker completely compromises the file server. All of these techniques have been realized in usable systems, demonstrating that practical, strong data security need not come at the cost of high fences and their associated management constraints.

View original page

21 October 16:15Browsing with the enemy: a German view / Kai Buchholz-Stepputtis and Boris Hemkemeier

Lecture Theatre 2, Computer Laboratory, William Gates Building

Abstract not available

View original pageView slides

05 September 16:00Electronic health records: which is worse, the UK system or the US System? / Deborah C. Peel, Patient Privacy Rights

Lecture Theatre 2, Computer Laboratory, William Gates Building

Dr. Deborah Peel will discuss the current threats to privacy posed by the use of electronic health records in America. She is convinced that the US health IT system is far worse than that of the UK. And America has nothing comparable to the EU system of data privacy commissioners to protect the public's human rights. She argues that the current Administration and Congress has enabled and frankly encouraged US industry and government to engage in widespread surveillance, theft, sale, and misuse of Americans' sensitive personal health data. In 2002, the U.S. Department of Health and Human Services eliminated the right of consent in the HIPAA Privacy Rule, turning it into an 'Anti-Privacy Rule'. The result was to eliminate Americans' rights to control the use and disclosure of personal health information in electronic systems. Secondary uses without consent are now the primary uses of health data in the US.

Today, Americans have no way of knowing how many secret databases across the world store and use their health records. Both industry and the government lust after total access to the nation's treasure troves of health data. Numerous industries exploit the extreme commercial value of richly detailed health data. For example, one data miner, listed on the NYSE, reported revenues of $2 billion dollars in 2006. The seriously flawed US health IT system has spurred technology innovators to restore privacy rights by building trustworthy systems and products controlled by patients. The route to progress and the widespread adoption of health IT is through privacy. But consumers can't tell which systems and products to trust.

A new consumer-led privacy certification organization, Patient Privacy Certified, will audit health IT systems and products for adherence to the toughest privacy standards in the world. Certified products will be awarded a seal so consumers can tell they offer ironclad secure and privacy for health records.

Speaker:

Deborah C. Peel, MD, founded Patient Privacy Rights in 2004 "www.patientprivacyrights.org":http://www.patientprivacyrights.org to guarantee that Americans control all access to their personal health information. Patient Privacy Rights is America's leading consumer advocacy organization working to restore patients' rights to health information privacy.

In 2006, Dr. Peel formed the bipartisan Coalition for Patient Privacy. Coalition members include the Family Research Council, the Christian Coalition, the Electronic Privacy Information Center, the ACLU, the California Medical Association, and the American Chiropractic Association - over 50 organizations representing 7 million people.

In 2007, the world's largest technology corporation, Microsoft, joined the Coalition and agreed to adhere to the Coalition's privacy principles. Also in 2007, Dr. Peel was voted #4 of Modern Healthcare's 100 Most Powerful in Healthcare.

In 2008, PPR launched PrivacyRightsCertified, a consumer-led organization to certify electronic systems and software that meet the toughest national and international standards for privacy. This enables the public to tell which electronic health systems and products ensure that personal health information is secure and all access is controlled by the patient. Microsoft's HealthVault will be the first platform audited.

View original page

24 June 16:15 Advances in Hash Cryptanalysis / Christian Rechberger, IAIK, Graz University of Technology

Lecture Theatre 2, Computer Laboratory, William Gates Building

Hash functions are the Swiss army knife for cryptographers. Password protection, digital signatures (also in a potential post-quantum period) are applications where they surface outside the cryptographic community. Not only are almost all popular hash functions based on the same design principle, it also turned out that designers were not conservative enough. Spectacular practical attacks (e.g. on MD5) were the result in recent years, and
standardization organisations look for replacements.

The ubiquitously used SHA-1 exhibits a higher resistance against shortcut collision search attacks. Still, to motivate the shift _away from SHA-1_, we found a new shortcut attack which is estimated to be around a million times faster than generic attacks. The workfactor is still very high and hence we started a distributed computing project to find the first SHA-1 collision:
"SHA-1 Collision Search Graz":http://boinc.iaik.tugraz.at

Many applications of hash functions do not require collision resistance but rely on properties that are generally assumed to be much harder to violate (like resistance against inversion attacks). Nevertheless, some of our very recent results indicate that also here, we might see a development similar to collision attacks.

View original page

17 June 16:15"Fourteen Thousand Messages" / John Levine

Lecture Theatre 2, Computer Laboratory, William Gates Building

A guy I know went away on a trip for a month and a half. When he got back, his inbox had 14,000 messages waiting for him, real ones, since his mail system has pretty good spam filtering. How can anyone deal with that much mail? More importantly, there are tools to sort, filter, combine, and so forth to get the mail under control, but how can people who aren't techno-weenies like me manage and use the tools we have? Or do we need different tools?

View original page

20 May 14:30Privacy-preserving datagram delivery for ubiquitous systems / David Evans (Computer Laboratory)

Room FW11, Computer Laboratory, William Gates Building

*Slides "available":http://www.cl.cam.ac.uk/research/srg/opera/meetings/attachments/privacy-preserving_evans_2008_05_20.pdf .*

*Abstract:*

This talk describes one method of achieving communication privacy for ubiquitous systems and presents some preliminary performance results.
More specifically, we (i) describe the difference between data privacy and communication privacy and outline why both are important in ubiquitous computing; (ii) describe how to modify Tor, an anonymous communication framework, to provide anonymous datagram communication suitable for use in ubiquitous systems; and (iii) test and evaluate the performance of our proposal with reference to an example citywide sensor
network. We find that the system offers ubiquitous applications a low latency communication channel with reasonable privacy properties and that one pays surprisingly little for the benefits of the Tor infrastructure.

*Bio:*

David Evans is a Research Associate attached to the TIME-EACM project, examining issues of security and privacy in transport monitoring middleware and applications.

He holds a PhD from the University of Waterloo in Waterloo, Ontario, Canada, where he explored resource management strategies for the delivery of rapidly changing, frequently requested information.

He has also worked on software infrastructures for unobtrusive monitoring of frail individuals, and with the IBM Centre for Advanced Studies on web system scalability and data centre resource provisioning.

His masters research covered digital rights management.

His research interests include performance modelling and analysis of distributed and operating systems, privacy and trust, and novel applications for low-overhead virtualisation.

You can see more of "Dave's research":http://www.cl.cam.ac.uk/~de239/ .

View original page

30 April 14:15Copyright vs Community / Richard Stallman, www.gnu.org

Lecture Theatre 1, Computer Laboratory

Copyright developed in the age of the printing press, and was designed to fit with the system of centralized copying imposed by the printing press. But the copyright system does not fit well with computer networks, and only draconian punishments can enforce it.

The global corporations that profit from copyright are lobbying for draconian punishments, and to increase their copyright powers, while suppressing public access to technology. But if we seriously hope to serve the only legitimate purpose of copyright--to promote progress, for the benefit of the public--then we must make changes in the other direction.

Brief bio:

Richard Stallman launched the development of the GNU operating system
(see www.gnu.org) in 1984. GNU is free software: everyone has the
freedom to copy it and redistribute it, as well as to make changes
either large or small. The GNU/Linux system, basically the GNU
operating system with Linux added, is used on tens of millions of
computers today. Stallman has received the ACM Grace Hopper Award, a
MacArthur Foundation fellowship, the Electronic Frontier Foundation's
Pioneer award, and the the Takeda Award for Social/Economic
Betterment, as well as several honorary doctorates.

View original page

29 April 16:15"From the Casebooks of..." / Mark Seiden

Lecture Theatre 2, Computer Laboratory, William Gates Building

In a field with few design principles ("defense in depth"? separate duties?), few rules of thumb, no laws named after people more influential than Murphy, no Plancks or Avogadros to hold Constant, and little quantitation of any sort (we count bad things and how long it takes to fix them), it appears the best we can do right now is telling stories.

Over (enough) beer we cons up lightly anonymized War Stories about late night phone calls, scary devices, hard to find bugs (which exploiters somehow found), the backups that didn't, stupid criminals, craven prosecutors, cute hacks (but "don't try this at home") and pointy-haired bosses... There will be a few of these in this talk, but also some Cautionary Tales, parables, isomorphs of the Old Stories demonstrating human frailty and that the Law of Unexpected Consequences operates most strongly near the intersection of Bleeding Edge and Slippery Slope. Also just a bit about the future.

Mark Seiden, a programmer since the '60s, has worked since 1983 in areas of security, network, and software engineering for companies world-wide. As a Yahoo Paranoid and as a consultant, recent projects have included design, architecture, and implementation for ebusiness systems, security for online financial transaction processing and for a distributed document processing system, as an expert in computer crime cases, and testing of network, procedural and physical security in diverse deployed systems, enterprises, and colocation facilities.

Time Digital named him one of the 50 "CyberElite" in their first annual list, and he's been involved with four National Academy of Sciences studies on some trippy subjects. Mark was the first registant of the domain food.com. He's been played by an actor in a rather bad movie. His Erdos number is 4.

View original page

23 April 16:15Fighting online crime / Mikko Hyppönen, Chief Research Officer, F-Secure Corporation

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Fighting Online Crime*

This talk will cover how commercial antivirus labs operate today; What kind of systems are in use, how samples are collected and how they are analysed.

There will be also discussion about the changing enemy and about the current criminal trends and their origins.

Topics:
* Daily operation of a modern antivirus lab
* Changing enemy
* Espionage trojans
* Mobile malware

Mikko Hypponen has worked with computer viruses since 1991. He is an inventor of several patents and has written for magazines such as Scientific American, Foreign Policy and Virus Bulletin. Mr. Hypponen works for F-Secure Corporation in Helsinki, Finland.

View original pageView slides

15 April 16:15Process isolation for cloud computing using commodity operating systems / Wenbo Mao, Director and Chief Engineer, EMC Research China

Lecture Theatre 2, Computer Laboratory, William Gates Building

In new ways of computing, such as Grid and Cloud computing, the computing environment is in a multi-tenancy and virtual organization setting for which conformed guest process isolation is an important quality of service. Some known approaches suggested to make use of natural isolation existed between virtual machines (VMs) by deploying processes of different guests into separate VMs. We argue that, under a reasonable assumption of using commodity OSes, process isolation using inter-VM isolation is not only inadequate in security, but also impractical in performance and several other considerations. In Project Daoli, we work on process isolation within a VM. Our method modifies the open source hypervisor Xen by adding process isolation components to Xen with conformed behavior.

Daoli is a project on trusted grid infrastructure led by EMC Research China working with Fudan University, Wuhan University and Huazhong University of Science and Technology in China

View original pageView slides/notes

08 April 16:15An Empirical Analysis of Phishing Attack and Defense / Tyler Moore (Computer Laboratory, University of Cambridge)

Lecture Theatre 2, Computer Laboratory, William Gates Building

A key way in which banks mitigate the effects of phishing attacks is to remove the fraudulent websites and abusive domain names hosting them. We have gathered and analyzed empirical data on phishing website removal times and the number of visitors that the websites attract. We find that website removal is part of the answer to phishing, but it is not fast enough to completely mitigate the problem. Phishing-website lifetimes follow a long-tailed lognormal distribution -- while many sites are removed quickly, others remain much longer. We have found evidence that one group responsible for half of all phishing, the rock-phish gang, cooperates by pooling
hosting resources and by targeting many banks simultaneously. The gang's architectural innovations have significantly extended their websites' average lifetime. Using response data obtained from the servers hosting phishing websites, we also provide a ballpark estimate of the total losses due to phishing.

Phishing-website removal is often subcontracted to specialist companies. We analyze three months of `feeds' of phishing website URLs from multiple sources, including two such companies. We demonstrate that in each case huge numbers of websites may be known to others, but the company with the take-down contract remains unaware, or learns of sites only belatedly. Upon calculating the resultant increase in lifetimes caused by the take-down company's lack of action, the results categorically demonstrate that significant amounts of money are being put at risk by the failure to share proprietary feeds of URLs.

Finally, we have studied how one anti-phishing organization has leveraged the so-called `wisdom of crowds' by relying on volunteers to submit and verify suspected phishing sites. We show its voting-based decision mechanism to be slower and less comprehensive than unilateral verification performed by companies. We also find that the distribution of user participation is highly skewed, leaving the scheme vulnerable to manipulation.

View original pageView slides/notes

25 March 16:15Minimal TCB Code Execution / Jonathan M. McCune, Carnegie Mellon University

Lecture Theatre 2, Computer Laboratory, William Gates Building

We present Flicker, an architecture that allows code to execute in
complete isolation from other software while trusting only a tiny
software base that is orders of magnitude smaller than even minimalist
virtual machine monitors. Flicker can also provide
fine-grained attestation of the code executed (as well as its inputs
and outputs) to a remote party. Our technique enables more
meaningful attestation than previous proposals, since only
measurements of the security-sensitive portions of an application need
to be included. We achieve these guarantees by leveraging hardware
support provided by commodity processors from AMD and Intel that are
shipping today, and without requiring a new operating system.

View original page

29 February 16:00MD5crypt and GBDE: observations of a non-union cryptographer / Poul-Henning Kamp

Computer Laboratory, William Gates Building, Room FW11

Cryptographers are great guys and smart people, but why don't they ever produce code that solves the problems we have, and why do the whine when we do ?

MD5crypt, probably the worlds most widely used protection of passwords, was thrown together by a non-cryptographer in an afternoon, why did he have to ? (and why isn't he too proud of it ?)

GBDE, an encrypted disk facility, took considerably more work in the second step of the Feynmann algorithm, and a solid beating from the cryptographers card-carrying union members, but did anybody learn anything and if so, what ?

View original page

22 February 16:00Is SSL provably secure ? / Nigel Smart, Department of Computer Science, University of Bristol

Lecture Theatre 2, Computer Laboratory, William Gates Building

In this talk I will describe some joint work with P. Morrissey and B. Warinschi on the SSL protocol. We attempt to show that an abstraction of the SSL protocol does provide a secure key agreement protocol, and we quantify exactly what properties are required of any subprotocol which produces the pre-master secret.

View original page

13 February 16:15Hardware defences against side channel and invasive attacks / Philip Paul, Computer Lab, University of Cambridge

SS03, Computer Laboratory, William Gates Building

Low cost hardware security devices are increasingly deployed but are vulnerable to a number of attacks. We will demonstrate power analysis counter measures to make non-invasive attacks much more difficult, and ink jet coating techniques to defend against invasive attacks.

View original pageView slides/notes

12 February 16:15Hot or Not: Fingerprinting hosts through clock skew / Steven J. Murdoch (Computer Laboratory, University of Cambridge)

Lecture Theatre 2, Computer Laboratory, William Gates Building

Every computer has a unique clock skew, even ones of the same model, so this acts as a fingerprint. Even if that computer moves location and changes ISP it can be later identified through this phenomenon.

By collecting TCP timestamps or sequence numbers, clock skew can be accurately remotely measured. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computer's environment, which has wide-scale implications on security and privacy.
Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the same location, or even are virtual machines on one server.
The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and because this is a physical covert channel, it can even cross "air-gap" security boundaries.

The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system.
Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide.

The talk will also present a separate illustration of the temperature covert channel technique, such as investigating a suspected attack on the Tor network in August 2006, by a well equipped adversary.

View original page

06 February 14:15Defence against the Dark Arts / Mike Prettejohn, Netcraft

Lecture Theatre 1, Computer Laboratory

http://news.netcraft.com/

Phishing, hacking and Internet based fraud are growing very quickly,
not only in absolute numbers, but also in diversity and complexity.
In this talk, we review contemporary Internet bank robbing,
illustrating the scale of the activity, the technological arms race
between attackers and defenders, and review some recent innovations and
illuminating mistakes from each side.

View original page

29 January 10:30Exploiting Online Games / Gary McGraw, CTO, Cigital

Room FW11, Computer Laboratory, William Gates Building

The talk, based on a book of the same title (co-authored by Greg Hoglund), exposes the inner workings of online game security for all to see, drawing illustrations from MMORPGs such as World of Warcraft to discuss:

* Why online games are a harbinger of software security issues to come
* How millions of gamers have created billion dollar virtual economies
* How game companies invade your privacy
* Why some gamers cheat
* Techniques for breaking online game security
* How to build a bot to play a game for you
* Methods for total conversion and advanced mods

But ultimately this talk is about security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software yet to come. The kinds of attack and defense techniques I describe are tomorrow's security techniques on display today.

BIO
Gary McGraw, Ph.D.
CTO, Cigital

"Company":http://www.cigital.com
"Podcast":http://www.cigital.com/silverbullet
"Blog":http://www.cigital.com/justiceleague
"Book":http://www.swsec.com
"Personal":http://www.cigital.com/~gem

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of six best selling books on this topic. The latest, Exploiting Online Games was released in 2007. His other titles include Java Security, Building Secure Software, Exploiting Software, and Software Security; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for darkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

View original page

16 January 14:15Searching for Evil / Ross Anderson and Richard Clayton, Computer Laboratory, University of Cambridge

Lecture Theatre 1, Computer Laboratory

(work with Tyler Moore and Shishir Nagaraja)

Computer security has recently imported a lot of ideas from economics,
psychology and sociology, leading to fresh insights and new tools. We
will describe one thread of research that draws together techniques
from fields as diverse as signals intelligence and sociology to search
for artificial communities.

Evildoers online divide roughly into two categories - those who don't
want their websites to be found, such as phishermen, and those who do.
The latter category runs from fake escrow sites through dodgy stores
to postmodern Ponzi schemes. A few of them buy ads, but many set up
fake communities in the hope of having victims driven to their sites
for free. How can these reputation thieves be detected?

Some of our work in security economics and social networking may give
an insight into the practical effects of network topology. These tie
up in various ways with traffic analysis, long used by the signals
intelligence agencies which trawl the airwaves and networks looking
for interesting targets. We'll describe a number of dubious business
enterprises we've unearthed. Recent advances in algorithms, such as
Newman's modularity matrix, have increased the robustness of covert
community detection. But much scope remains for wrongdoers to hide
themselves better as they become topologically aware; we can expect
attack and defence to go through several rounds of coevolution. We'll
therefore end up by talking about some strategic issues, such as the
extent to which search engines and other service providers could, or
should, share information in the interests of wickedness detection.

(This talk was given as a google tech talk in August 2007 and is "here":http://video.google.com/videoplay?docid=-1380463341028815296)