Computer Laboratory

Security Group

2016 seminars


If you can't find a talk you are looking for on this page, try the old archives.


21 June 14:00 - Cyberinsurance: good for your company, bad for your country? / Fabio Massacci - University of Trento

Room FW26, Computer Laboratory, William Gates Building

*Abstract:*
'Cyberinsurance' is a broad industry term indicating a corporate liability insurance covering damages due to security breaches of the IT corporate infrastructure. It is a booming market that raises significant expectations: both policy makers (e.g. the UK Paymaster General and the US Senate Committee on Security), and cyber experts (e.g. Bruce Schneier) have heralded it as a mechanism for efficiently valuing the cost of cyber attacks and to act as an effective substitute for government action. Whilst the effect of purchasing insurance on the behavior of individuals or firms has been studied for more than four decades, the unique, adaptive characteristics of cyber attacks make past findings not necessarily applicable.

In this talk I will illustrate a general economic model of heterogeneous firms, making risk averse decisions facing losses from cyber attacks conducted by strategic adversaries in a Cournot competition. We demonstrate that whilst the presence of actuarially fair insurance increases the aggregate utility of target firms, the presence of insurance does *not* necessarily increase the security expenditures with respect to those mandated by a benevolent social planner. Furthermore, we show that when insurance is provided by a monopolist insurer mandating firms' security expenditure (as it has been proposed) the aggregate security expenditure is predicted to fall dramatically (and the number of attackers to increase). In other words, delegating to cyberinsurers the policy maker role of regulating security expenditures might yield a digital tragedy of the commons.

Joint work with Julian Williams (Durham) and Joe Swierzbinski (Aberdeen)

*Bio:*
Fabio Massacci is a professor at the University of Trento (IT). He has a Ph.D. in Computing from the University of Rome La Sapienza in 1998. In his career he has visited Cambridge (UK), Toulouse (FR) and Siena (IT). He has published [105,111,197,203,308] articles in peer reviewed journals and conferences and his h-index is [14,22,36] depending on your favorite bibliographic database. In 2015 he received the IEEE Requirements Engineering '10 years most influential paper award' for his research on security requirements engineering. He was the European Coordinator of the project SECONOMICS (www.seconomics.org) on socio-economic aspects of security (See our paper with UK National Grid in the May'16 issue of IEEE Security & Privacy). Part of the ideas behind this research have also been incorporated by the Common Vulnerability Scoring Standard (CVSS) v3, just released in June 2015. He is now working on empirical methods for security and vulnerability risk assessment (e.g. are all these cyber security standards actually useful?).

Personal web site: http://disi.unitn.it/~massacci/ (not very much updated)
Laboratory web site: https://securitylab.disi.unitn.it


22 March 14:00 - Understanding, Characterizing, and Detecting Facebook Like Farms / Dr. Emiliano De Cristofaro, Senior Lecturer (Associate Professor), University College London

LT2, Computer Laboratory, William Gates Building

*Abstract:*
As the number of likes of a Facebook page provides a measure of its seeming popularity and profitability, an underground market of services has emerged that aim to boost page likes. In this talk, we aim to shed light on the "like farms" ecosystem, presenting three sets of results.
First, we report on a honeypot-based measurement study: we analyze likes garnered using, respectively, Facebook ads and farms, and highlight that some farms seem to be operated by bots and do not really try to hide the nature of their operations, while others follow a much stealthier approach.
We then take a look at existing graph-based fraud detection algorithms (including those currently deployed by Facebook), showing that stealthy farms successfully evade detection by spreading likes over longer timespans and by liking many popular pages to mimic normal users.
Finally, we analyze features extracted from timeline posts. We find that like farm accounts tend to more often re-share content, use fewer words and poorer vocabulary, target fewer topics, and generate more (often duplicate) comments and likes compared to normal users. Using these timeline-based features, we experiment with machine learning algorithms to detect like farm accounts, obtaining appreciably high accuracy (as high as 99% precision and 97% recall).
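The timeline-based features named in the abstract (re-share rate, words per item, vocabulary richness, duplicate comments) computed over two constructed account timelines. This is an added example and not the study's own feature set, data or classifier; the timeline format, the two sample accounts and the cut-offs in the rule score are assumptions made for the illustration.

```python
"""Timeline-based like-farm features computed on constructed accounts.

Added illustration only; it is not the study's feature set, data or
classifier. A timeline is assumed to be a list of (kind, text) with kind
'post', 'share' (re-share of someone else's content) or 'comment'.
"""
import re
from collections import Counter

WORD = re.compile(r"[a-z]+")

# Constructed timelines, not data from the study.
NORMAL = [
    ("post", "Tried the new bakery on Mill Road today, the sourdough was excellent"),
    ("post", "Finally finished the paper draft, reviewers please be kind"),
    ("comment", "Congrats, that is a great result"),
    ("share", "Interesting article on electric bikes"),
    ("post", "Weekend hike photos from the Peak District, weather held up nicely"),
    ("comment", "Happy birthday! Hope the cake was good"),
]
FARM = [
    ("share", "nice"),
    ("share", "nice"),
    ("share", "wow"),
    ("comment", "nice"),
    ("comment", "nice"),
    ("comment", "nice"),
    ("comment", "wow"),
    ("post", "nice pic"),
]


def features(timeline):
    """Re-share rate, comment rate, words per item, vocabulary richness
    (distinct words / all words) and the share of duplicate comments."""
    n = len(timeline)
    kinds = Counter(k for k, _ in timeline)
    tokens = [w for _, t in timeline for w in WORD.findall(t.lower())]
    comments = [t for k, t in timeline if k == "comment"]
    return {
        "share_ratio": kinds["share"] / n,
        "comment_ratio": kinds["comment"] / n,
        "mean_words": len(tokens) / n,
        "vocab_richness": len(set(tokens)) / len(tokens) if tokens else 0.0,
        "dup_comment_ratio": (len(comments) - len(set(comments))) / len(comments)
        if comments else 0.0,
    }


# Constructed cut-offs for a transparent rule score; the study trained machine
# learning classifiers on such features rather than hand-picking thresholds.
THRESHOLDS = {
    "share_ratio": (">", 0.3),
    "mean_words": ("<", 4.0),
    "vocab_richness": ("<", 0.5),
    "dup_comment_ratio": (">", 0.2),
}


def farm_score(f):
    """Number of features pointing in the like-farm direction (0..4)."""
    score = 0
    for name, (op, cut) in THRESHOLDS.items():
        if (op == ">" and f[name] > cut) or (op == "<" and f[name] < cut):
            score += 1
    return score


if __name__ == "__main__":
    for label, tl in (("normal", NORMAL), ("farm", FARM)):
        f = features(tl)
        print(label, {k: round(v, 3) for k, v in f.items()}, "score", farm_score(f))
```

The vocabulary-richness feature is a plain type-token ratio, which is sensitive to timeline length; on real data it would need normalising per fixed token count before it is fed to a learned classifier.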

*Bio:*
Emiliano De Cristofaro is a Senior Lecturer at University College London (UCL). Prior to joining UCL in 2013, he was a research scientist at PARC (a Xerox company). In 2011, he received a PhD in Networked Systems from the University of California, Irvine, advised (mostly while running on the beach) by Gene Tsudik. His research interests include privacy technologies, applied cryptography, privacy and security measurements. He has served as program co-chair of the Privacy Enhancing Technologies Symposium (PETS) in 2013 and 2014, and of the Workshop on Genome Privacy and Security (GenoPri 2015). His ugly, yet up-to-date, homepage is available at https://emilianodc.com


16 February 14:00 - Do You See What I See? Differential Treatment of Anonymous Users / Sheharbano Khattak, University of Cambridge

LT2, Computer Laboratory, William Gates Building

*Abstract:*
The utility of anonymous communication is undermined by a growing number of websites treating users of such services in a degraded fashion. The second-class treatment of anonymous users ranges from outright rejection to limiting their access to a subset of the service’s functionality or imposing hurdles such as CAPTCHA-solving. To date, the observation of such practices has relied upon anecdotal reports catalogued by frustrated anonymity users. We present a study to methodically enumerate and characterize, in the context of Tor, the treatment of anonymous users as second-class Web citizens.

We focus on first-line blocking: at the transport layer, through reset or dropped connections; and at the application layer, through explicit blocks served from website home pages. Our study draws upon several data sources: comparisons of Internet-wide port scans from Tor exit nodes versus from control hosts; scans of the home pages of top-1,000 Alexa websites through every Tor exit; and analysis of nearly a year of historic HTTP crawls from Tor network and control hosts. We develop a methodology to distinguish censorship events from incidental failures such as those caused by packet loss or network outages, and incorporate consideration of the endemic churn in web-accessible services over both time and geographic diversity. We find clear evidence of Tor blocking on the Web, including 3.5% of the top-1,000 Alexa sites. Some blocks specifically target Tor, while others result from fate-sharing when abuse-based automated blockers trigger due to misbehaving Web sessions sharing the same exit node.
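A simplified version of the exit-versus-control comparison the abstract describes, run over a constructed crawl record: failures that also occur from the control host are treated as outages, a minority of failing exits as churn, and only consistent Tor-only failures are labelled as transport-layer or application-layer blocking. This is an added example, not the study's code; the record format, the block-page marker list, the thresholds and the sample sites are assumptions made for the illustration.

```python
"""Distinguishing Tor-specific blocking from incidental failure in crawl data.

Added illustration only; this is not the study's code and simplifies its
methodology. Assumptions: each observation is (site, vantage, result, snippet),
vantage is 'control' or 'tor', result is 'rst', 'timeout' or 'http:<status>',
and snippet is the start of the response body. Several attempts per site and
vantage stand in for the repeated crawls and many exits used in the study.
"""
from collections import defaultdict

# Phrases taken to mark an explicit application-layer block page (constructed list).
BLOCK_PAGE_MARKERS = ("tor exit", "tor user", "access denied", "captcha")

# Constructed sample crawl; not real measurement data.
CRAWL = [
    ("site-a.example", "control", "http:200", "Welcome"),
    ("site-a.example", "control", "http:200", "Welcome"),
    ("site-a.example", "tor", "http:403", "Access denied to Tor users"),
    ("site-a.example", "tor", "http:403", "Access denied to Tor users"),
    ("site-a.example", "tor", "http:403", "Access denied to Tor users"),
    ("site-b.example", "control", "http:200", "Hello"),
    ("site-b.example", "control", "http:200", "Hello"),
    ("site-b.example", "tor", "rst", ""),
    ("site-b.example", "tor", "rst", ""),
    ("site-b.example", "tor", "timeout", ""),
    ("site-c.example", "control", "timeout", ""),
    ("site-c.example", "control", "timeout", ""),
    ("site-c.example", "tor", "timeout", ""),
    ("site-c.example", "tor", "timeout", ""),
    ("site-d.example", "control", "http:200", "Hi"),
    ("site-d.example", "control", "http:200", "Hi"),
    ("site-d.example", "tor", "http:200", "Hi"),
    ("site-d.example", "tor", "timeout", ""),  # one flaky exit, not a policy
    ("site-d.example", "tor", "http:200", "Hi"),
]


def outcome(rec):
    """Map one observation to 'ok', 'transport_fail', 'app_block' or 'other_fail'."""
    _, _, result, snippet = rec
    if result in ("rst", "timeout"):
        return "transport_fail"           # reset or dropped at the transport layer
    status = int(result.split(":", 1)[1])
    if status == 200:
        return "ok"
    if any(m in snippet.lower() for m in BLOCK_PAGE_MARKERS):
        return "app_block"                # explicit block served by the site
    return "other_fail"


def classify(records, min_tor_fail=0.67, max_control_fail=0.5):
    """Per-site verdict. Failures seen from the control host too count as an
    outage, and a minority of failing exits as churn rather than blocking."""
    by_site = defaultdict(lambda: defaultdict(list))
    for rec in records:
        by_site[rec[0]][rec[1]].append(outcome(rec))
    verdicts = {}
    for site, vantages in by_site.items():
        control, tor = vantages.get("control", []), vantages.get("tor", [])
        if not control or not tor:
            verdicts[site] = "insufficient_data"
            continue
        control_fail = sum(o != "ok" for o in control) / len(control)
        tor_fail = sum(o != "ok" for o in tor) / len(tor)
        if control_fail > max_control_fail:
            verdicts[site] = "incidental_outage"
        elif tor_fail < min_tor_fail:
            verdicts[site] = "no_block"
        elif tor.count("app_block") * 2 > len(tor):
            verdicts[site] = "application_block"
        else:
            verdicts[site] = "transport_block"
    return verdicts


def block_fraction(verdicts):
    """Share of sites with evidence of Tor-specific blocking at either layer."""
    blocked = sum(v in ("application_block", "transport_block") for v in verdicts.values())
    return blocked / len(verdicts) if verdicts else 0.0


if __name__ == "__main__":
    v = classify(CRAWL)
    for site, verdict in sorted(v.items()):
        print(f"{site:16} {verdict}")
    print(f"blocked fraction: {block_fraction(v):.2f}")
```

The control-host check is what separates a block from an outage: without it, site-c.example would be counted as Tor blocking even though it fails for everyone. The fate-sharing case in the abstract (an abuse blocker triggered by another session on the same exit) would show up here as a transport_block or application_block that varies by exit over time, which is why the real study had to account for churn across exits and across months.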

*Bio:*
Sheharbano Khattak is a PhD student and Research Assistant in the Security and NetOS groups of the Computer Lab, University of Cambridge, under the supervision of Dr. Steven J. Murdoch, Prof. Jon Crowcroft and Prof. Ross Anderson. She is externally advised by Prof. Vern Paxson at UC Berkeley. Sheharbano is a member of Robinson College and an Honorary Cambridge Trust Scholar. She likes to work on network measurement and security in isolation, and various combinations of these. Currently she studies the effects of online censorship from a number of different aspects: how it’s done, how it can be stopped, what its effects are, and the evolving shape of the ecosystem of government/policy-based censorship in particular. Previously she worked on Intrusion Detection Systems and Internet malware with a focus on botnets.


09 February 14:00 - The Unfalsifiability of security claims / Cormac Herley, Microsoft Research, Redmond

LT2, Computer Laboratory, William Gates Building

*Abstract:*
There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse; there is no test that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable (or untestable). This in turn implies an asymmetry in self-correction: while the claim that countermeasures are sufficient can always be refuted, the claim that they are necessary cannot. Thus, the response to new information can only be to ratchet upward: newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. So errors accumulate. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions.

We argue that progress has been slow in security precisely because of a failure to identify mistakes. Bad ideas that have received no corroboration persist indefinitely and the resources they consume crowd out sensible measures to reduce harm; examples of this abound. Many things that deliver no observed benefit are declared necessary for security, either because they have been defined to be so, or have been reached through logically muddled arguments.

*Bio:*
Cormac Herley's main current interests are data analysis problems, authentication and the economics of information security. He has published widely in signal and image processing, information theory, multimedia, networking and security. He is the inventor on over 70 US patents, and has shipped technologies used by hundreds of millions of users. His research has been widely covered in outlets such as the Economist, NY Times, Washington Post, Wall St Journal, BBC, the Guardian, Wired and the Atlantic. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland.