Department of Computer Science and Technology

Security Group

2009 seminars

Expand all Collapse all

View original page

10 December 16:00Security Architectures for Distributed Social Networks / Jonathan Anderson (University of Cambridge)

FW26, Computer Laboratory, William Gates Builiding

Current practice in social networks requires users to give all of their personal information to a centralized provider, one which may have little competence in security and little incentive to change.
Distributing responsibility for information security to client software solves some problems, but others remain. This talk will describe recent work, current research and future aspirations for privacy-enabling social networking technology.

Bio: Jonathan Anderson is a PhD student in the Security Group. His research focuses on security architectures for the controlled disclosure of user information, especially in the contexts of social networks and operating systems.

View original page

04 December 10:00MPhil Mini-Symposium Security Talks / MPhil students, University of Cambridge

Lecture Theatre 2, Computer Laboratory, William Gates Building

Five MPhil students will each present a recent security paper for 10 minutes as part of the MPhil Mini-symposium:

http://www.cl.cam.ac.uk/teaching/0910/C00/minisymp/programme.htm

10:00 Omar-Salim Choudary (osc22)

“Optimised to Fail: Card Readers for Online Banking”, Saar Drimer, Steven J. Murdoch, and Ross Anderson, Financial Cryptography and Data Security '09

10:13 Roland Tai (ykrt2)

“RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications”, A. Czeskis, K. Koscher, J. R. Smith, and T. Kohno, ACM CCS '08 (Computer and Communications Security)

10:26 Alexandros Toumazis (at443)

“Tempest in a Teapot: Compromising Reflections Revisited”, M. Backes, T. Chen, M. Duermuth, H. P. A. Lensch, and M. Welk, IEEE Symposium on Security and Privacy 2009

10:39 Danish Zeb (dz245)

“Time and Location Based Services with Access Control”, C. Bertolissi and M. Fernandez, IEEE NTMS '08 (New Technologies, Mobility and Security)

10:52 Guanwei Zeng (gz233)

“Privacy-enabling social networking over untrusted networks”, J. Anderson, C. Diaz, J. Bonneau and F. Stajano, WOSN ’09 (Online Social Networks)

View original page

17 November 16:15Understanding scam victims: Seven principles for systems security / Frank Stajano, University of Cambridge

Lecture Theatre 2, Computer Laboratory, William Gates Building

The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. We examine a variety of scams and "short cons" that were investigated, documented and recreated for the BBC TV programme "The Real Hustle" and we extract from them some general principles about the recurring behavioural patterns of victims that hustlers have learnt to exploit.

We argue that an understanding of these inherent "human factors" vulnerabilities, and the necessity to take them into account during design rather than naïvely shifting the blame onto the "gullible users", is a fundamental paradigm shift for the security engineer which, if adopted, will lead to stronger and more resilient systems security.

You can read the full tech report here:

http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-754.pdf

View original page

10 November 14:30The Elephant in the Room: Health Information System Security and the User-Level Environment / Juanita Fernando (Monash University)

Room FW11, Computer Laboratory, William Gates Building

*Slides "available":http://www.cl.cam.ac.uk/research/srg/opera/meetings/attachments/2009-11-10-HealthInfSystem_Fernando.pdf .*

*Abstract:*

The patient care context comprises outdated
infrastructure, pervasive computer use, shared
clinical workspace, aural privacy shortcomings,
interruptive work settings, confusing legislation,
poor privacy and security (P&S) eHealth training
outcomes and inadequate budgets.
Twenty three medical, nursing and allied health
clinicians working in Australia (Victoria)
participated in qualitative research examining work
practices with P&S for patient care. They criticised
a slow, inefficient eHealth information system (eHIS)
environment permeated by usability errors. EHealth
systems expanded workloads and system demands
were onerous, increasing the clinicians’ scepticism
of reliance on information technology. Consequently
many clinicians had developed trade-offs to avoid
reliance an eHIS.
The trade-offs include IT support avoidance and
shared passwords to PKI and computer accounts.
Handover-sheets populated by transcribed notes
were circulated between all clinicians present. The
practices ensure paper persistence and escalate
P&S threats to data confidentiality, integrity and
availability. Study evidence suggests poor eHISs
hamper patient care and may represent a larger
P&S threat than indicated by studies to date

*Bio:*

I'm interested in all aspects of health information system security. My research concerns clinical health informatics, bioinformatic data exchange standards and information security. I've developed a particular emphasis on e-health tools and their contribution to workflow methodologies in the health sector.

A member of the Mobile Health Research Group (MHRG), I work very closely with colleagues at Information Technology.

Useful sources of information on health information security and privacy are widely scattered. The web page published by the Australian Privacy Foundation (APF) is a notable exception. I chair the Health Sub Committee and love the work I do with them.

My professional memberships include the Australian College of Health Informatics (ACHI) , the Health Informatics Society of Australia (HISA) and the Australian Health Informatics Education Council (AHIEC).

I am the Academic Convenor, the Honours Degree of Bachelor of Medical Science, Medicine, Nursing & Health Sciences at Monash University. Academic oversight of students enrolled for a BMedSc(Hons)degree is challenging but fun and I'm fascinated by the research programs on which they work.

More "info":http://users.monash.edu.au/~juanitaf/

View original page

02 November 14:00Surveillance in Speculative Fiction: Have Our Artists Been Sufficiently Imaginative? / Roger Clarke, University of New South Wales

FW11

There are many variants of surveillance, many pitfalls, and potentially serious consequences for 'good people' as well as 'the baddies'. Fiction-writers of all kinds have taken advantage of the enormous scope this provides. Writers of speculative fiction have been running ahead of reality for decades; but they need to display more imagination, because reality keeps catching up with them. This paper reviews speculative fiction genres and imaginations, and uses them as a means of identifying several different interpretations of what the surveillance epidemic means for privacy and human freedom.

Roger Clarke is a Canberra-based eBusiness consultant, and a Visiting Professor in Cyberspace Law & Policy at UNSW in Sydney, and in Computer Science at the Australian National University. He has conducted dataveillance research since the early 1980s, and has been active in privacy advocacy even longer than that. He is currently Chair of the Australian Privacy Foundation.

View original page

28 October 14:15Aggregated Security Monitoring in 10GB networks / Nathan Macrides and Nick McKenzie - Security Engineering, RBS

Lecture Theatre 1, Computer Laboratory

The use of aggregation switch technology to perform 'out-of-band' network security monitoring (forensics, data leakage, intrusion detection) in high volume distributed network infrastructure.

Short bio: Nathan Macrides

Nathan graduated from RMIT University in Melbourne, Australia, with Degrees in Computer Science (B App Sci) and Computer Systems Engineering (B Eng) in 2003. Since then, he has been employed in IT as a Solutions Engineer with a focus on Security. He has worked fro various organisation including the European Bank for Reconstruction and Development and BAA and currently works within the Global Banking & Markets Division of RBS.

Short bio: Nick McKenzie

Nick graduated from Curtin University of Technology in Perth, Australia, wit a Bachelor of Commerce (Information Systems) (BCom (IS)) and a Master of E-Commerce (MeCom). He has since been employed by various consulting and financial institutions in Australia and the UK focusing on security assessments, design and architecture reviews. He is currently Head of Security Architecture and Engineering and IS&C Project Support for RBS Global Banking & Markets.

View original page

26 October 16:15Policing Online Games -- Defining A Strong, Mutually Verifiable Reality in Virtual Games / Peter Wayner

Lecture Theatre 2, Computer Laboratory, William Gates Building

Ronald Reagan was fond of saying "trust but verify". Alas, the modern virtual world of games gives users no basis for trust and no mechanism for verification. Foolish people wager real money on a hand of cards dealt to them by an offshore server. Some of the virtual worlds have been rocked by scandals where sys admins take bribes to add special features like unbeatable armor to favored players.

The good news is that we can build strong, virtual worlds that give users the basis for trust and the ability to verify the fairness of a game. The algorithms are well-known and tested, to some extent, by time. This talk will revue a number of the classic results designed for playing poker or distributing digital cash, and explore how they can be used to stop some of the most blatant cheating affecting the more sophisticated online world.

View original pageView slides/notes

13 October 16:15Optical surveillance on silicon chips: your crypto keys are visible / Sergei Skorobogatov

Lecture Theatre 2, Computer Laboratory, William Gates Building

This talk presents a low-cost approach to optical side-channel attacks on secure semiconductor chips. By using an inexpensive CCD camera to monitor the emission from operating chip, information stored in SRAM, EEPROM and Flash was successfully recovered. Initially demonstrated on a 0.9-micron microcontroller, this technique was later adapted for a 0.13-micron secure FPGA with AES decryption engine used for code protection. This shows the danger of optical emission analysis attacks to modern deep-submicron chips. Optical emissions from an operating chip also have a good correlation with power analysis traces and can therefore be used to estimate the contribution of different areas within the chip. Optical emission analysis can also be used for partial reverse engineering of the chip structure by spotting the active areas. This can assist in carrying out optical fault injection attacks later, thereby saving the time otherwise required for exhaustive search. Practical limits for optical emission analysis in terms of sample preparation, operating conditions and chip technology will be discussed. Like with the introduction of probing attacks in the mid-1990s, power analysis attacks in the late 1990s and optical injection attacks in the early 2000s, optical emission attacks will very likely result in the need to introduce new countermeasures during the design of semiconductor chips.

View original page

15 September 16:15So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users / Cormac Herley, Microsoft Research, Redmond

Lecture Theatre 2, Computer Laboratory, William Gates Building

The failure of users to follow security advice has often been noted. They chose weak passwords, ignore security warnings, and are oblivious to certificates. It is often suggested that users are hopelessly lazy and unmotivated on security questions. We argue that users' rejection of the security advice they receive is entirely rational from an economic perspective. As with many activities, online crime generates direct losses and externalities. The advice offers to shield them from the direct costs of attacks, but burdens them with the indirect costs, or externalities. Since the direct costs are generally small relative to the indirect ones, they reject this bargain. We examine three areas of user education: password rules, phishing site identification, and SSL certificates. In each we find that the advice is complex and growing, but the benefit is largely speculative or moot. In the cases where we can estimate benefit, it emerges that the burden of following the security advice is actually greater than the direct losses caused by the attack.

Bio:
Cormac Herley is a Principal Researcher at Microsoft Research. His main current interests are data and signal analysis problems that reduce complexity and help users avoid harm. He's been at MSR since 1999, and before that was at HP where he headed the company's currency anti-counterfeiting efforts. Some of his recent published work has focused on problems of passwords and authentication, the economics of cybercrime, phishing prevention technologies and keylogger resistant access to existing web accounts.

He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland. He is a former adjunct at UC Berkeley, has authored more than 50 peer reviewed papers, is inventor of 70 or so US patents (issued or pending) and has shipped technologies used by tens of millions of users.

"Web page":http://research.microsoft.com/en-us/people/cormac/

View original pageView slides

30 June 16:15Efficient Implementation of Physical Random Bit Sources / Richard Newell, Actel

Lecture Theatre 2, Computer Laboratory, William Gates Building

Two circuit blocks often needed in conjunction with a physical random
bit source are a Conditioner and a Health Monitor. The Health monitor
is used to make sure that the physical source is generating sufficient
entropy and hasn't failed. The Conditioner concentrates the available
entropy and ensures that its output is statistically indistinguishable
from true random numbers. Efficient examples of both circuits are
proposed that are suitable for FPGA implementations.

View original page

29 May 11:00Online Social Networks and Applications: a Measurement Perspective / Ben Zhao (UCSB)

FW26, Computer Laboratory, William Gates Builiding

With more than half a billion users worldwide, online social networks such as Facebook are popular platforms for interaction, communication and collaboration between friends. Researchers have recently proposed an emerging class of Internet applications that integrate relationships from social networks to improve security and performance. But can these applications be effective in real life? And if so, how can we predict their effectiveness when they are deployed on real social networks?

In this talk, we will describe recent research that tries to answer these questions using measurement-based studies of online social networks and applications. Using measurements of a socially-enhanced web auction site, we show how social networks can actually reduce fraud in online transactions. We then discuss the evaluation of social network applications, and argue that existing methods using social graphs can produce to misleading results. We use results from a large-scale study of the Facebook network to show that social graphs are insufficient models of user activity, and propose the use of "interaction graphs" as a more accurate model. We construct interaction graphs from our Facebook datasets, and use both types of graphs to validate two well-known social-based applications (Reliable Email and SybilGuard). Our results reveal new insights into both systems and confirm our hypothesis that choosing the right graph model significantly impacts predictions of application performance.

Bio: Ben Zhao is a faculty member at the Computer Science department, U.C. Santa Barbara. Before UCSB, he completed his M.S. and Ph.D. degrees in Computer Science at U.C. Berkeley, and his B.S. from Yale University. His research interests include networking, security and privacy and distributed systems.
He is a recipient of the National Science Foundation's CAREER award, MIT Tech Review's TR-35 Award (Young Innovators Under 35), and is one of ComputerWorld's Top 40 Technology Innovators.

View original page

18 May 14:00(Research) Bluetooth Tracking without Discoverability / (Skills) Deploying web user authentication with Shibboleth / Simon Hay and Sören Preibusch

FW26, William Gates Building

Research: Bluetooth Tracking without Discoverability, Simon Hay


Outdoor location-based services are now prevalent due to advances in mobile technology and GPS. Indoors, however, even coarse location remains unavailable. Bluetooth has been identified as a potential location technology that mobile consumer devices already support,easing deployment and maintenance. However, Bluetooth tracking systems to date have relied on the Bluetooth inquiry mode to constantly scan for devices. This process is very slow and can be a security and privacy risk. In this paper we investigate an alternative: connection-based tracking. This permits tracking of a previously identified handset within a field of fixed base stations. Proximity is determined by creating and monitoring low-level Bluetooth connections that do not require authorisation. We investigate the properties of the low-level connections both theoretically and in practice, and show how to construct a building-wide tracking system based on this technique. We conclude that the technique is a viable alternative to inquiry-based Bluetooth tracking.


Skills: Deploying web user authentication with Shibboleth, Sören Preibusch


Shibboleth is a set of policies and protocols providing an access control system for web-based resources. It is similar to that currently provided by Raven, but extended and standardised to allow users from multiple organisations to access resources provided by other independent organisations. Compared to Raven, Shibboleth involves a higher implementation effort, yet supports a broader range of platforms for deployment. Service providers can define more fine-grained rules for access control and the identity of authenticated users need not be disclosed (privacy-preserving single-sign on).

This talk is intended for Web authors and developers envisioning to set up user authorisation and authentication. I will briefly review the architecture and underlying Web service infrastructure for Shibboleth and sketch typical deployment scenarios. More prominently, I will share my own experiences in becoming the owner of the first Shibboleth-protected web site in the University.

View original page

14 May 16:00PeerSoN: Privacy-Preserving P2P Social Networks / Sonja Buchegger (Deutsche Telekom Laboratories)

FW26, Computer Laboratory, William Gates Builiding

Online Social Networks like Facebook, MySpace, Xing, etc. have become extremely popular. Yet they have some limitations that we want to overcome for a next generation of social networks: privacy problems and requirements of Internet connectivity, both of which are due to web-based applications on a central site whose owner has access to all data.

To overcome these limitations, we envision a paradigm shift from client-server to a peer-to-peer infrastructure coupled with encryption so that users keep control of their data and can use the social network also locally, without Internet access. This shift gives rise to many research questions intersecting networking, security, distributed systems and social network analysis, leading to a better understanding of how technology can support social interactions.

Our project, PeerSoN, consists of several parts. One part is to build a peer-to-peer infrastructure that supports the most important features of online social networks in a distributed way. We have written a first prototype to test our ideas. Another part is concerned with encryption, key management, and access control in such a distributed setting. Extending the distributed nature of the system, we investigate how to integrate such peer-to-peer social networking with ubiquitous computing and delay-tolerant networks, to enable direct exchange of information between devices and to take into account local information. http://www.peerson.net

Bio: Sonja Buchegger is a senior research scientist at Deutsche Telekom Laboratories, Berlin. In 2005 and 2006, she was a post-doctoral scholar at the University of California at Berkeley, School of Information. She received her Ph.D. in Communication Systems from EPFL, Switzerland, in 2004, a graduate degree in Computer Science in 1999, and undergraduate degrees in Computer Science in 1996 and in Business Administration in
1995 from the University of Klagenfurt, Austria. In 2003 and 2004 she was a research and teaching assistant at EPFL and from 1999 to 2003 she worked at the IBM Zurich Research Laboratory in the Network Technologies Group. Her current research interests are economics, security, and privacy of self-organized networks.

View original pageView slides/notes

12 May 16:15Whither Challenge Question Authentication? / Mike Just, University of Edinburgh

Lecture Theatre 2, Computer Laboratory, William Gates Building

Questions such as "What is your mother's maiden name?" and "What was your first pet's name?" are commonly used today to authenticate users, often in support of account recovery when a password is forgotten. Despite their ubiquity, there exists very little published research as to their efficacy. Some recent, high profile compromises suggest that they are not sufficiently secure. Recent research seems to point to a similar conclusion. In this talk, I'll examine some of the recent research into the security and usability of challenge question authentication, and discuss whether it remains a viable option for user authentication.

View original page

30 April 17:00A conversation with Phil Zimmermann / Phil Zimmerman

Lecture Theatre 2

Phil Zimmermann is a veteran of the crypto wars of the 1990s, when governments tried to ban and then to control cryptography. After he wrote Pretty Good Privacy (PGP), which he made available online in 1991, he was arraigned before a grand jury on suspicion of violating export-control laws. PGP became the most widely-used encryption program in the world and the US government dropped its case in 1996. That attempt to control crypto petered out during the dotcom boom and was abandoned by Al Gore during the 2000 election.

But the surveillance state has constantly reinvented itself, from the illegal wiretapping of US citizens under George W. Bush to the proliferation of CCTV cameras in Britain and - now - the Interception Modernisation Program.

This rising tide of surveillance since 9/11 brought Phil back into the business of crypto activism with Zfone, a secure VOIP program.

This meeting will be structured not so much as a lecture but a conversation, which will range over the technology and policy of crypto wars old and new.

View original page

28 April 16:15Bypassing Physical Security Systems / Marc Weber Tobias, Investigative Law Offices

Lecture Theatre 2, Computer Laboratory, William Gates Building

The presentation will include a detailed review regarding the protection of high security facilities, including airports and aircraft, power transmission facilities, and computer server rooms. The emphasis will be on liability and security issues that may result from an undue reliance on certain high security locking systems and technology. I will discuss a number of misconceptions and why these facilities may be at risk, even with some of the most sophisticated physical access hardware and software.

Specific problems inherent in conventional locking hardware will be the primary focus, together with an analysis of high security mechanical locks and electronic access control systems produced by many of the Assa Abloy companies. These technologies include the Cliq, Logic, and NexGen among others. The representations of certain manufacturers will be analyzed, and potential vulnerabilities in these high-tech systems will be explored, together with the liability that may flow to users if these systems are circumvented.

Since the publication of _OPEN IN THIRTY SECONDS_, which details the compromise of Medeco high security locks (2008), intensive research has been on-going in the U.S. and Europe regarding the security of different electronic access control systems. The results will be included in the new supplement to our book. These potential security issues will be examined in Dubai and will be explored in depth in the upcoming supplement, and later this year in future presentations.

Ross Anderson wrote the forward for Mr. Tobias' book, which can be purchased here:

http://www.amazon.com/OPEN-THIRTY-SECONDS-Cracking-America/dp/0975947923/

View original page

27 April 14:00(Research) OpenRoomMap: Mapping the Gates building / (Skills) Best Papers Lent 2009 / Andrew Rice and DTG members

FW26, William Gates Building

Research: OpenRoomMap

In this talk I will outline the goals of the OpenRoomMap project and discuss our initial trial mapping of the William Gates Building. Please have a look (and do some mapping) at http://www.cl.cam.ac.uk/research/dtg/openroommap before the talk.


Skills: Best Papers Lent 2009

Each member of the group will submit an entry for the best paper they have read this term. We will have very a brief presentation on as many as we can fit in to 30 minutes.

View original page

07 April 16:15Cloning MiFare Classic rail and building passes, anywhere, anytime / Nicolas Courtois, University College London

Lecture Theatre 2, Computer Laboratory, William Gates Building

MiFare Classic is the most popular contactless smart card with some 200 millions copies in circulation world-
wide. At Esorics 2008 Dutch researchers showed that the underlying cipher Crypto-1 can be cracked in as
little as 0.1 seconds if the attacker can eavesdrop the RF communications with the (genuine) reader.
We discovered that a MiFare classic card can be cloned in a much more practical card-only scenario, where
the attacker only needs to be in the proximity of the card for a number of minutes, therefore making usurpation
of identity through pass cloning feasible at any moment and under any circumstances. For example, anybody
sitting next to the victim on a train or on a plane is now be able to clone his/her pass. Other researchers
have also (independently from us) discovered this vulnerability (Garcia et al., 2009) however our attack is
different and does not require any precomputation. In addition, we discovered that a yet unknown proportion
of MiFare Classic cards are even weaker, and we have in our possession a MiFare Classic card from a large
Eastern-European city that can be cloned in seconds.

Paper: http://eprint.iacr.org/2009/137

View original page

26 March 16:00Pointless Tainting? Evaluating the practicality of pointer tainting / Asia Slowinska (Vrije Universiteit Amsterdam)

FW26, Computer Laboratory, William Gates Builiding

This talk evaluates pointer tainting, an incarnation of Dynamic Information Flow Tracking (DIFT). Pointer tainting has been used for two main purposes: detection of privacy-breaching malware (e.g., trojan keyloggers obtaining the characters typed by a user), and detection of memory corruption attacks against non-control data (e.g., a buffer over?ow that modi?es a user’s privilege level). The technique is considered one of the only methods for detecting them in unmodi?ed binaries. Unfortunately, almost all of the incarnations of pointer tainting are ?awed. We found that pointer tainting generates itself the conditions for false positives. We analyse the problems in detail and investigate various ways to improve the technique. Most have serious drawbacks in that they are either impractical (and incur many false pos- itives still), and/or cripple the technique’s ability to detect attacks. We argue that depending on architecture and operating system, pointer tainting may have some value in detecting memory corruption attacks (albeit with false negatives and not on the popular x86 architecture), but it is not suitable for automated detecting of privacy-breaching malware such as keyloggers.


Bio: Asia Slowinska is a third-year PhD student at the Vrije Universiteit Amsterdam. Her research concerns intrusion detection, signature generation, and honeypots. Currently she's interning with MSRC.

View original pageView slides/notes

24 March 16:15Privacy Implications of Public Listings on Social Networks / Joseph Bonneau, University of Cambridge

Lecture Theatre 2, Computer Laboratory, William Gates Building

The popular social networking website Facebook exposes a
“public view” of user profiles to search engines which includes eight of the user’s friendship links. This talk will examine what interesting properties of the complete social graph can be approximated from this public view. In experiments on real social network data, we were able to accurately approximate the degree and centrality of nodes, compute small dominating sets, find short paths between users, and detect community structure. This work demonstrates that it is difficult to safely reveal limited information about a social network.

Full paper:

http://www.cl.cam.ac.uk/~jcb82/8_friends_paper.pdf

View original page

19 March 15:00High Assurance Smart Cards for Multinational Coalitions and Other Applications of National Security / Paul Karger, IBM Watson Research Center

Lecture Theatre 2, Computer Laboratory, William Gates Building

Caernarvon is a high-assurance secure operating system for smart cards, designed to pass the highest levels (EAL7) of the Common Criteria. It includes a multi-organizational mandatory access control model that is designed to provided both security and integrity controls that can scale to cover the entire Internet. These multi-organizational controls can make it much easier to implement applications for multi-national military, electronic visas that could be stored on the same smart card chip as is used for electronic passports.

View original pageView slides

10 March 16:15The Effectiveness of T-way Test Data Generation / Michael Ellims

Lecture Theatre 2, Computer Laboratory, William Gates Building

This talk reports the results of a study comparing the effectiveness of automatically generated tests constructed using random and t-way combinatorial techniques on safety related industrial code using mutation adequacy as the acceptance metric. A reference point to current best practice is provided by using hand generated test vectors constructed during development to establish minimum acceptance criteria. The study shows that 2-way adequate test sets are not adequate as measured by the mutants kill rate compared with hand generated test sets of similar size, but that higher factor t-way test sets can perform at least as well. To reduce the computation overhead of testing large numbers of vectors over large numbers of mutants a staged optimising approach to applying t-way tests is proposed and evaluated which shows improvements in execution time and final test set size.

View original page

06 March 14:00Securing Virtual Machine Monitors: What is Needed? / Paul Karger (IBM Research - Watson)

FW26, Computer Laboratory, William Gates Builiding

While many people view virtual machine monitors as something special and different, in realty they are just special purpose operating systems. The major difference is that the API to a virtual machine monitor is the instruction set of the virtual machine, while the API to an operating system is a set of system calls to manipulate processes, file systems, perform I/O, etc. To the extent that a particular VMM uses
paravirtualization, it begins to look more like a classical operating system than a VMM -- and just like operating systems, VMMs can have exploitable security vulnerabilities.

This talk will discuss the myths and reality behind virtualization and security, and look at what is needed to build truly secure VMMs.

View original page

27 February 16:00Mobile malware prevention using temporal information / John Tang, Computer Laboratory

Computer Laboratory, William Gates Building, Room FW11

Abstract not available

View original page

20 February 16:00Security lessons from embedded devices / Philip Paeps, FreeBSD security team

Computer Laboratory, William Gates Building, Room FW11

Embedded devices are everywhere. As more and more of them are starting to become networked, devices which traditionally had no security requirements are now having to take into account quite sophisticated threat models. In a world where time to market is critical and deployments happen in very large volumes, engineers are often having to learn about security in zero-time while they work.

This talk will discuss some of the technical security measures that are being taken in the embedded world from the perspective of the people implementing them.

View original page

18 February 14:15Privacy and HCISec: Notes From The Front / Alma Whitten - Google

Lecture Theatre 1, Computer Laboratory

Is engineering privacy an HCISec challenge? Is designing to give users transparency and choice on privacy the same kind of problem as designing to make security usable? Alma will discuss observations drawn from her experiences on the front lines of some of today's most interesting privacy debates.

View original page

12 February 16:00Wedge: Splitting Applications into Reduced-Privilege Compartments / Andrea Bittau (UCL)

SS03, Computer Laboratory, William Gates Builiding

Most applications today run as single processes, allowing successful attackers to access all of the process's memory and sensitive data. We intend to reverse this situation by splitting applications into multiple compartments that hold no privileges by default, and allowing programmers to explicitly grant privileges and memory permissions, therefore controlling the damage of potential exploits.
Our system Wedge is composed of two synergistic parts: the sthread OS primitives that allow programmers to create default-deny compartments with explicitly set privileges, and Crowbar, a tool that run-time analyzes existing applications to help identify potential sthreads along with their required memory and file descriptor permissions, allowing a simpler migration of existing code to sthreads. We applied sthreads to SSL-enabled Apache protecting the privacy of user data even against a powerful attacker can both exploit large part of the server and also act as a man-in-the-middle in the network; all at a 20--40% performance cost. Finally we describe a userland implementation of sthreads that does not sacrifice performance thanks to the careful (ab)use of UNIX APIs.

Bio: Andrea Bittau is a PhD student at UCL working on operating system support for application security, supervised by Mark Handley and Brad Karp. His past projects include the fragmentation attack for 802.11 WEP networks, where an attacker can spoof and eavesdrop data without needing the WEP key, and developing the first open source Bluetooth sniffer, based on GNU radio.

View original pageView slides/notes

03 February 16:15Privacy-Preserving 802.11 Access-Point Discovery / Janne Lindqvist - Helsinki University of Technology, Finland

Lecture Theatre 2, Computer Laboratory, William Gates Building

It is usual for 802.11 WLAN clients to probe actively for access points in order to hasten AP discovery and to find “hidden” APs. These probes reveal the client’s list of preferred networks, thus, present a privacy risk: an eavesdropper can infer attributes of the client based on its associations with networks. We propose an access-point discovery protocol that supports fast discovery and hidden networks while also preserving privacy. Our solution is incrementally deployable, efficient, requires only small modifications to current client and AP implementations, interoperates with current networks, and does not change the user experience. We note that our solution is faster than the standard hidden-network discovery protocol based on measurements on a prototype implementation.

View original page

03 February 14:30An overview of the Smart Flow project / David Eyers (University of Cambridge)

Room FW11, Computer Laboratory, William Gates Building

*Slides "available":http://www.cl.cam.ac.uk/research/srg/opera/meetings/priv-attachments/2009_02_03_SmartFlow_Eyers.pdf .*
_(only available for CL members)_

*Abstract:*

This talk will provide an overview of the Smart Flow project. The project has participants from the Computer Laboratory, Imperial College, and the Eastern Cancer Registration and Information Centre.

Smart Flow aims to examine issues of reconfigurability, policy, and security in distributed event based systems, with a particular focus on managing flows of healthcare-related data.

We will discuss some of our initial work into a distributed information flow model that is tuned toward use within event based systems.

View original pageView slides

28 January 14:15A Framework for the Analysis of Mix-Based Steganographic File Systems / Claudia Diaz - Department of Electrical Engineering (ESAT), K.U.Leuven, Belgium

Lecture Theatre 1, Computer Laboratory

The goal of Steganographic File Systems (SFSs) is to protect users from coercion attacks by providing plausible deniability on the existence of hidden files. We consider an adversary who can monitor changes in the file store and use this information to look for hidden files when coercing the user. We outline a high-level SFS architecture that uses a local mix to relocate files in the remote store, and thus prevent known attacks that rely on low-entropy relocations. We define probabilistic metrics for unobservability and (plausible) deniability, present an analytical framework to extract evidence of hidden files from the adversary’s observation (before and after coercion,) and show in an experimental setup how this evidence can be used to reduce deniability.
This work is a first step towards understanding and addressing the security requirements of SFSs operating under the considered threat model, of relevance in scenarios such as remote stores managed by semi-trusted parties, or distributed peer-to-peer SFSs.

Full paper:

https://www.cosic.esat.kuleuven.be/publications/article-1051.pdf

View original page

27 January 16:15Improving Cache Performance while Mitigating Software Side-Channel Attacks / Ruby Lee - Princeton University

Lecture Theatre 2, Computer Laboratory, William Gates Building

Improving the security of computers has traditionally been associated with degrading performance. Princeton researchers show a rather surprising result where both security and performance can be improved by rethinking cache architecture. Cache subsystems bridge the speed gap between processors and main memory, and are essential for improving the performance of computer systems. However, the fundamental difference in cache hit versus miss timing can be exploited to leak secret information, such as the cryptographic keys of AES and RSA ciphers. Almost all computers are vulnerable to these software side-channel attacks. Software solutions are algorithm-specific, do not apply to legacy programs and severely degrade performance. A generic hardware solution that applies to all software, does not degrade performance, and prevents all access-based cache side-channel attacks, is desirable. New security-aware cache architectures, presented in ISCA2007, were the Random Permutation cache (RPcache) and the Partition Locked cache (PLcache). A novel cache architecture (Micro2008) is presented that not only improves security, but also improves performance, achieving the best cache access time, miss-rate and power consumption of existing classes of cache architectures. Fault-tolerance, hot-spot mitigation and flexible partitioning are additional benefits.

View original pageView slides/notes

20 January 16:15Hardware security: trends and pitfalls of the past decade / Sergei Skorobogatov - Computer Laboratory, University of Cambridge

Lecture Theatre 2, Computer Laboratory, William Gates Building

It has been a long time since the hardware security problems in semiconductor
chips were brought to light by Ross Anderson and Markus Kuhn in the late
nineties, followed shortly by Markus Kuhn and Oliver Kommerling paper on the
forefront attack technologies used for breaking smartcards. Now it seems quite
logical to look at the progress made in this area as a whole decade has passed
since that time. The defence technology has been significantly improved, but
the attackers did not sit idle and made some progress as well. The question is
whether the lessons were learned and whether we have significantly better
hardware security protection in semiconductor devices around us today.

The purpose of this talk is not only in summarising achievements at both the
attack and defence ends. I will raise some concerns about certain security
failures, point out common mistakes made by chip manufacturers and discuss
possible roots of such problems. Finally, I will try to project the trend of
hardware security area into the nearest future.

View original page

16 January 16:00How secure is my messaging protocol for clinical communication? / Mohammed Al-Ubaydli

Computer Laboratory, William Gates Building, Room FW11

I am working on a secure messaging protocol for patients and clinicians. At the moment, patients are
sending their questions over e-mail to NHS clinicians and the clinicians are forced to either ignore the
questions - because of the insecurity of the medium - or send clinical information in the clear - because of trying to serve the patient’s immediate clinical needs.

I am hoping to offer a better service that is more secure but minimizes impact on clinicians’ workflow,
i.e. by allowing them to continue to use their NHS e-mail. I need to know from the group:
# how technically secure is this protocol?
# where are the social engineering vulnerabilities?
# are vulnerabilities low enough to allow adopting this protocol as an improvement over existing workflow?

By way of background, my name is Mohammad (www.mo.md) and I trained as a physician at Cambridge University and a programmer at Anglia Ruskin University. I wrote six books about the use of IT in health care but have no expertise in security so was hoping to benefit from the Friday security group meetings.

View original page

13 January 16:15Identity Theft and the Mobile Device / Andy Jones - Head of Information Security Research, Centre for Information & Security Systems Research, BT Innovate

Lecture Theatre 2, Computer Laboratory, William Gates Building

This presentation will cover the results of research into the quantity and type of information that we give away when we dispose of mobile phones and PDAs and the threat that this poses with regard to identity theft and criminal use of the information.