Science of Security Speaker Series: Grand Research Challenges for Cybersecurity of Critical Information and Infrastructures

  • Posted on April 13, 2017 at 3:15 pm by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

Paulo Esteves-Verissimo, University of Luxembourg
April 28
, 2017, 4:00 p.m., B02 Coordinated Science Laboratory

slides | video

Abstract: Computing and communications infrastructures have become commodities which societies largely depend on, transacting huge quantities of data and exhibiting pervasive interconnections, sometimes in critical conditions. However, the actual magnitude that security and dependability risks may assume, is often misperceived. The information society has been assuming risk behaviours, without the adequate protection. Many stakeholders, not only end-users but vendors, service providers, public administrations and — what may be surprising — even governments, seem to ignore those risks, in different ways.

Yet, as will be shown in the talk, the problem should be obvious from the symptoms that have lately seen the light. Threats are everyday more powerful, massive or targeted attacks and advanced persistent threats entered the situational awareness agenda of nations. However, systems remain flaky, sometimes seemingly intentionally, vulnerabilities persist, and partial and/or specific fixes imperfectly mend what are sometimes global problems. Grand challenges deserve grand solutions, and so the talk will conclude along two lines of discussion, as a contribution to the debate on science of cybersecurity: effective strategies for cybersecurity are in dire need; advanced research breaking with traditional paradigms is required.

Bio: Paulo Esteves-Veríssimo is a Professor and FNR PEARL Chair at the University of Luxembourg Faculty of Science, Technology and Communication (FSTC), since fall 2014, and head of the CritiX lab (Critical and Extreme Security and Dependability) at SnT, the Interdisciplinary Centre for Security, Reliability and Trust at the same University (http://wwwen.uni.lu/snt). He is adjunct Professor of the ECE Dept., Carnegie Mellon University. Previously, he has been a Professor of the Univ. of Lisbon, member of the Board of the same university and Director of LaSIGE (http://lasige.di.fc.ul.pt). Veríssimo is Fellow of the IEEE and Fellow of the ACM, and he is associate editor of the IEEE Transactions on Computers. He is currently Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-Chair of the Steering Committee of the IEEE/IFIP DSN conference. He is currently interested in secure and dependable distributed architectures, middleware and algorithms for: resilience of large-scale systems and critical infrastructures, privacy and integrity of highly sensitive data, and adaptability and safety of real-time networked embedded systems. He is author of over 180 peer-refereed publications and co-author of 5 books.

Science of Security Speaker Series: Conceptual Models of Reliability of Fault-tolerant Software Under Cyber-attacks

  • Posted on March 30, 2017 at 10:48 am by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

Peter Popov, City, University of London
March 23
, 2017, 2:00 p.m., 141 Coordinated Science Laboratory

slides

Abstract: This talk will present an approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture such as the 1-out-of-2 software, popular to build industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and “cleansing” under different adversary models ranging from independent attacks on the channels to sophisticated synchronized attacks on the channels. The studies demonstrate that the effect of attacks on reliability of diverse software is significantly affected by the adversary model. Under synchroniz ed attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of the effectiveness of cyber-security controls.

Bio: Peter Popov is Reader in the Centre for Software Reliability, City, University of London, United Kingdom. He joined the Centre in 1997 after a career in industry and in Bulgarian Academy of Sciences. He was a visiting scientist at LAAS, Toulouse, France and at the University of Illinois at Urbana-Champaign and currently at Duke University.

Joint Trust and Security/Science of Security Speaker Series: Computer Security, Privacy, and User Expectations: Case Studies in Web Tracking and Application Permissions

  • Posted on September 16, 2016 at 3:04 pm by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

franziFranziska Roesner, University of Washington
October 18
, 2016, 2:00 p.m., B02 Coordinated Science Laboratory

slides | video

Abstract: As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. My work focuses on investigating computer security and privacy challenges for end users of existing and emerging technologies, and designing and building new systems that better match user expectations. This talk will describe two case studies. First, I will discuss our work on studying the web tracking ecosystem, including a longitudinal study from 1996-2016 and the design of a new defense. I will then describe user-driven access control, a model for granting permissions to applications in modern operating systems that works by extracting permission information from natural user actions. Our recent work enables user-driven access control even for unmodified operating systems. Finally, I will briefly describe our ongoing work on security for emerging augmented reality platforms and security for journalist-source communications.

Bio: Franziska (Franzi) Roesner is an Assistant Professor in Computer Science and Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses on understanding and improving computer security and privacy for end users of existing and emerging technologies, including the web, smartphones, and emerging augmented reality and IoT platforms. Her work on application permissions in modern operating systems received the Best Practical Paper Award at the IEEE Symposium on Security and Privacy, her early work on security and privacy for augmented reality was featured on the cover of the Communications of the ACM magazine, and her defense for tracking by social media widgets on the web was incorporated into the Electronic Frontier Foundation’s Privacy Badger tool. She received her PhD from the University of Washington in 2014 and her BS from the University of Texas at Austin in 2008.

Fall 2016 Joint Trust and Security/Science of Security Seminars

  • Posted on August 19, 2016 at 2:27 pm by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

fantiSpy vs. Spy: Anonymous Messaging over Networks slides | video
Giulia Fanti, Postdoctoral Research Associate, Coordinated Science Lab, University of Illinois at Urbana-Champaign
August 30, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Anonymous microblogging platforms, such as Whisper, Yik Yak, and Secret have emerged as important tools for sharing one’s thoughts without fear of judgment by friends, the public, or authorities. These platforms provide anonymity by allowing users to share content (e.g., short messages) with their peers without revealing authorship information to other users. However, recent advances in rumor source detection show that existing messaging protocols, including those used in the mentioned anonymous microblogging applications, leak authorship information when the adversary has global access to metadata. For example, if an adversary can see which users of a messaging service received a particular message, or the timestamps at which a subset of users received a given message, the adversary can infer the message author’s identity with high probability. We introduce a novel anonymous messaging protocol, which we call adaptive diffusion, that is designed to resist such adversaries. We show that adaptive diffusion spreads messages quickly while achieving provably-optimal anonymity guarantees for specific classes of connectivity networks. Simulations on real social network data show that adaptive diffusion effectively hides the location of the source on real-world networks.

prabhuOreo: Transparent Optimization to Enable Flexible Policy Enforcement in Software Defined Networks  slides | video
Santhosh Prabhu, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
October 11, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Commercial networks today have diverse security policies, defined by factors such as the type of traffic they carry, nature of applications they support, access control objectives, organizational principles etc. Ideally, the wide diversity in SDN controller frameworks should prove helpful in correctly and efficiently enforcing these policies. However, this has not been the case so far. By requiring the administrators to implement both security as well as performance objectives in the SDN controller, these frameworks have made the task of security policy enforcement in SDNs a challenging one. We observe that by separating security policy enforcement from performance optimization, we can facilitate the use of SDN for flexible policy management. To this end, we propose Oreo, a transparent performance enhancement layer for SDNs. Oreo allows SDN controllers to focus entirely on a correct security policy enforcement, and transparently optimizes the dataplane thus defined, reducing path stretch, switch memory consumption etc. Optimizations are performed while guaranteeing that end-to-end reachability characteristics are preserved – meaning that the security policies defined by the controller are not violated. Oreo performs these optimizations by first constructing a network-wide model describing the behavior of all traffic, and then optimizing the paths observed in the model by solving a multi-objective optimization problem. Initial experiments suggest that the techniques used by Oreo is effective, fast, and can scale to commercial-sized networks.

Aphuong caoutomated Generation of Attack Signatures in Attack Graphs  slides | video
Phuong Cao, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
November 1, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: In this talk, we investigate applications of Factor Graphs to automatically generate attack signatures from security logs and domain expert knowledge. We demonstrate advantages of Factor Graphs over traditional probabilistic graphical models such as Bayesian Networks and Markov Random Fields in modeling security attacks. We illustrate Factor Graphs models using case studies of real attacks observed in the wild and at the National Center for Supercomputing Applications. Finally, we investigate how factor functions, a core component of Factor Graphs, can be constructed automatically to potentially improve detection accuracy and allow generalization of trained Factor Graph models in a variety of systems.

dengfeng-liTowards Privacy-Preserving Mobile Utility Apps: A Balancing Act  slides | video
Dengfeng Li, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
November 29, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Among various types of mobile apps, mobile utility apps are increasingly becoming data-driven, and these apps tend to collect a significant amount of app usage data to carry out their promised utilities and enhance user experiences. A part of such app usage data often contains security-sensitive information. Thus, an important and challenging issue arises: how to balance between the user’s privacy and the utility app’s utility functionality. We propose techniques to enable users to determine what original values to keep in sanitized data in order to deliver a desirable level of utility efficacy. To accomplish our goal, we (1) incorporate user assistance for app exploration and abnormal-behavior detection, (2) support user validation of malicious-app candidates via program-repair techniques, and (3) sanitize users’ app usage data to balance between privacy preservation and utility efficacy.

afawaz2Behavioral Analysis for Cyber Resilience  slides | video
Ahmed Fawaz, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
December 6, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Systems and attacks are becoming more sophisticated; classical security methods are failing to protect and secure those systems. We believe that systems should be built to be resilient to attacks.  Cyber Resiliency is the protection strategy that will secure modern systems that control our critical infrastructure. Instead of perfectly protecting the system, a resilient system survives a cyber incident by detecting and containing attacks while maintaining service.

In this talk, we describe our proposed resiliency architecture that uses a model of the system to deploy monitors, estimate the state of the system using monitor data, and selects responses to maintain service during attacks. Then we design the essential components of the said resiliency architecture for a multitude of systems including operating systems and hosts and enterprise networks. The components we build are monitor design, monitor view generation, fusion, and response.  However, several practical and theoretical challenges hinder a cyber-resilient architecture. In particular, the architecture needs to deal with the plethora of monitoring with different semantics and time scales. Moreover, the system is dependent on the integrity of the monitoring data when estimating the state of the system. The integrity of the monitoring data is critical to making “correct” decisions that are not influenced by the attacker. Finally, the response mechanisms need to be proven effective in maintaining the resilience of the system. Proving such properties is particularly challenging because of the complexity of the systems. Our pieces address the challenges that face the cyber resiliency architecture.

First, we designed a host-level monitor, Kobra, that combines the various views of application behaviors into a signal, then learns the baseline of acceptable behaviors. We use the baseline for anomaly detection. Since our cyber resiliency architecture depends on the integrity of the monitoring data, we designed PowerAlert, an out-of-box integrity checker. PowerAlert uses CPU power measurements, measured using an external probe, to verify that the machine executed the check as expected. To prevent an attacker from evading PowerAlert, we use random initiation times and random integrity checking programs. Finally, we use Kobra’s host-level views to correlate events that happen in a network. First, we propose a fusion framework that enables us to fuse monitoring events for different sources. Then using the framework, we collect lateral movement chains across the network.  We form the chain using network causation events. Those causations are inferred using Kobra’s process communications view.

Trust and Security/Science of Security Seminar: Towards a Secure and Resilient Industrial Control System with Software-Defined Networking

  • Posted on February 23, 2016 at 10:25 am by amyclay@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

Kevin Jin webDong (Kevin) Jin, Illinois Institute of Technology
March 15, 2016, 4:00 p.m., Coordinated Science Lab Auditorium (B02)

slides | video

Abstract: Modern industrial control systems (ICSes) are increasingly adopting Internet technology to boost control efficiency, which unfortunately opens up a new frontier for cyber-security. People have typically applied existing Internet security techniques, such as firewalls, or anti-virus or anti-spyware software. However, those security solutions can only provide fine-grained protection at single devices. To address this, we design a novel software-defined networking (SDN) architecture that offers the global visibility of a control network infrastructure, and we investigate innovative SDN-based applications with the focus of ICS security, such as network verification and self-healing phasor measurement unit (PMU) networks. We are also conducting rigorous evaluation using the IIT campus microgrid as well as a high-fidelity testbed combining network emulation and power system simulation.

Bio: Dong (Kevin) Jin is an Assistant Professor in the Computer Science Department at the Illinois Institute of Technology. He obtained his Ph.D. in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign in 2013. His research interests include trustworthy cyber-physical critical infrastructures, simulation modeling and analysis, software-defined networking, and cyber-security. He received the best paper awards at the ACM SIGSIM Conference on Principles of Advanced and Distributed Simulation (PADS) in 2012 and 2015.

Science of Security Speaker Series: Secure Positioning: From GPS to IoT Applications

  • Posted on February 22, 2016 at 5:25 pm by amyclay@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

Capkun PictureSrdjan Capkun, ETH Zurich
March 30, 2016, 4:00 p.m. 2405 Siebel Center

video

Abstract: In this talk I will review security issues in today’s navigation and close-range positioning systems. I will discuss why GNS systems like GPS are hard to fully secure and will present novel solutions that can be used to improve the robustness of GNS systems to attacks. I will then show how a different design of a positioning system can enable secure positioning, but also that this requires solving a set of relevant physical- and logical- layer challenges. Finally I will present a design and implementation of a fully integrated IR UWB secure distance measurement (distance bounding) system that solves these challenges and enables secure distance measurement and secure positioning in IoT applications.

Bio: Srdjan Čapkun is a Full Professor in the Department of Computer Science, ETH Zurich and Director of the Zurich Information Security and Privacy Center (ZISC). He was born in Split, Croatia where he received his Dipl.Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998. He received his Ph.D. degree in Communication Systems from EPFL in 2004. Prior to joining ETH Zurich in 2006 he was a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles and an Assistant Professor in the Informatics and Mathematical Modelling Department, Technical University of Denmark (DTU). His research interests are in system and network security. He is a co-founder of 3db Access, a startup focusing on secure proximity-based access control.

 

 

 

 

Science of Security Speaker Series: Logjam: Diffie-Hellman, Discrete Logs, the NSA, and You

  • Posted on January 27, 2016 at 9:30 am by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

halderman_um14-md_REDUCEDJ. Alex Halderman, University of Michigan
February 9
, 2016, 4:00 p.m., B02 Coordinated Science Lab
Slides | Video

Abstract: Diffie-Hellman key exchange is a cornerstone of modern cryptography at the core of protocols like HTTPS and SSH.  Last year, collaborators and I discovered that Diffie-Hellman, as used in practice, is significantly less secure than widely believed. With the number field sieve algorithms, computing a single discrete log in prime fields is more difficult than factoring an RSA modulus of the same size. However, an adversary who performs a large precomputation for a prime $p$ can then quickly calculate arbitrary discrete logs in groups modulo that prime, amortizing the cost over all targets that share this parameter. Although this fact is well known among mathematical cryptographers, it seems to have been lost among practitioners.

Using these observations, we developed Logjam, an attack on TLS in which a man-in-the-middle can downgrade a connection to 512-bit “export-grade” Diffie-Hellman. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We found that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers have been changed to reject short groups.

In the more widespread case of 1024-bit Diffie-Hellman, we estimate that discrete log computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. A small number of fixed or standardized groups are used by millions of servers, and we estimate that performing precomputation for a single 1024-bit group would allow passive eavesdropping on about 18% of popular HTTPS sites, and a second group would allow decryption of traffic to about 66% of IPsec VPNs and 26% of SSH servers. We conclude that the security community should prioritize moving to stronger key exchange methods.

Bio: J. Alex Halderman is an Associate Professor of Computer Science and Engineering at the University of Michigan and Director of Michigan’s Center for Computer Security and Society. His interests include computer and network security, Internet security measurement, censorship resistance, and electronic voting, as well as the interaction of technology with law and international affairs. Named one of Popular Science’s “Brilliant 10” for 2015, his recent projects include ZMap, Let’s Encrypt, and the Telex censorship resistance system.

ITI Joint Trust and Security/Science of Security Seminars Fall 2015

  • Posted on January 19, 2016 at 1:38 pm by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

brighten-godfreyA Hypothesis Testing Framework for Network Security  Slides | Video
Brighten Godfrey, Associate Professor, Computer Science, University of Illinois at Urbana-Champaign
September 15, 2015, 4:00 p.m., 2405 Siebel Center

Abstract: We rely on network infrastructure to deliver critical services and ensure security. Yet networks today have reached a level of complexity that is far beyond our ability to have confidence in their correct behavior – resulting in significant time investment and security vulnerabilities that can cost millions of dollars, or worse. Motivated by this need for rigorous understanding of complex networks, I will give an overview of our or Science of Security lablet project, A Hypothesis Testing Framework for Network Security.

First, I will discuss the emerging field of network verification, which transforms network security by rigorously checking that intended behavior is correctly realized across the live running network. Our research developed a technique called data plane verification, which has discovered problems in operational environments and can verify hypotheses and security policies with millisecond-level latency in dynamic networks. In just a few years, data plane verification has moved from early research prototypes to production deployment. We have built on this technique to reason about hypotheses even under the temporal uncertainty inherent in a large distributed network. Second, I will discuss a new approach to reasoning about networks as databases that we can query to determine answers to behavioral questions and to actively control the network. This talk will span work by a large group of folks, including Anduo Wang, Wenxu an Zhou, Dong Jin, Jason Croft, Matthew Caesar, Ahmed Khurshid, and Xuan Zou.

Eric Badger PhotoScalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and Deployment in a Honey Pot Environment  Slides | Video
Eric Badger, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
October 6, 2015, 4:00 p.m., 2405 Siebel Center

Abstract: This talk will explore a scalable data analytics pipeline for real-time attack detection through the use of customized honeypots at the National Center for Supercomputing Applications (NCSA). Attack detection tools are common and are constantly improving, but validating these tools is challenging. You must: (i) identify data (e.g., system-level events) that is essential for detecting attacks, (ii) extract this data from multiple data logs collected by runtime monitors, and (iii) present the data to the attack detection tools. On top of this, such an approach must scale with an ever-increasing amount of data, while allowing integration of new monitors and attack detection tools. All of these require an infrastructure to host and validate the developed tools before deployment into a production environment.

We will present a generalized architecture that aims for a real-time, scalable, and extensible pipeline that can be deployed in diverse infrastructures to validate arbitrary attack detection tools. To motivate our approach, we will show an example deployment of our pipeline based on open-sourced tools. The example deployment uses as its data sources: (i) a customized honeypot environment at NCSA and (ii) a container-based testbed infrastructure for interactive attack replay. Each of these data sources is equipped with network and host-based monitoring tools such as Bro (a network-based intrusion detection system) and OSSEC (a host-based intrusion detection system) to allow for the runtime collection of data on system/user behavior. Finally, we will present an attack detection tool that we developed and that we look to validate through our pipeline. In conclusion, the talk will discuss the challenges of transitioning attack detection from theory to practice and how the proposed data analytics pipeline can help that transition.

Accounting for User Behavior in Predictive Cyber Security Models  Slides | Video
Mohammad Noureddine, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
October 20, 2015, 4:00 p.m., 2405 Siebel Center

Abstract: The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element.

In this talk, we discuss several psychological theories that attempt to understand and influence the human behavior in the cyber world. Our goal is to use such theories in order to build predictive cyber security models that include the behavior of typical users, as well as system administrators. We then illustrate the importance of our approach by presenting a case study that incorporates models of human users. We analyze our preliminary results and discuss their challenges and our approaches to address them in the future.

Zhenqi Huang PhotoYuWangSMT-Based Controller Synthesis for Linear Dynamical Systems with Adversary  Slides | Video
Zhenqi Huang, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
Yu Wang, Research Assistant, Mechanical Science and Engineering, University of Illinois at Urbana-Champaign
November 3, 2015, 4:00 p.m., 2405 Siebel Center

Abstract: We present a controller synthesis algorithm for a discrete time reach-avoid problem in the presence of adversaries. Our model of the adversary captures typical malicious attacks envisioned on cyber-physical systems such as sensor spoofing, controller corruption, and actuator intrusion. After formulating the problem in a general setting, we present a sound and complete algorithm for the case with linear dynamics and an adversary with a budget on the total L2-norm of its actions. The algorithm relies on a result from linear control theory that enables us to decompose and precisely compute the reachable states of the system in terms of a symbolic simulation of the adversary-free dynamics and the total uncertainty induced by the adversary. We provide constraint-based synthesis algorithms for synthesizing open-loop and a closed-loop controllers using SMT solvers.

Science of Security Speaker Series: Security at Scale

  • Posted on October 19, 2015 at 1:46 pm by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

Niels ProvosNeils Provos, Google, Inc.
November 13, 2015, 10:00 a.m., B02 Coordinated Science Lab

Abstract: Security continues to be a challenging problem. After decades of research, we’re still struggling with vulnerabilities, human and machine, and their exploitation. Solving security requires looking at the problem holistically, and explicitly including the human component. In this talk, I’ll be discussing some of the security challenges we encounter at Google: from Unwanted Software, across encrypting HTTP everywhere, to strong authentication. The focus will be on what we found works in practice, and some of the lessons we have learned.

Bio:  Niels Provos is a Distinguished Engineer in Google’s Infrastructure Security group where he is responsible for security engineering. His interests span a wide range of security topics including malware and cloud security. He received a Ph.D. from the University of Michigan in 2003. When not working with computers, he forges steel into swords.

ITI Joint Trust and Security/Science of Security Seminars Spring 2016

  • Posted on September 16, 2015 at 11:16 am by whitesel@illinois.edu.
  • Categorized Events.
  • Comments are off for this post.

Tao Xie PhotoUser Expectations in Mobile App Security  slides | video
Tao Xie, Associate Professor, Computer Science, University of Illinois at Urbana-Champaign
January 26, 2016, 4:00 p.m., B02 Coordinated Science Lab

Abstract: Maintaining the security and privacy hygiene of mobile apps is a critical challenge. Unfortunately, no program analysis algorithm can determine that an application is “secure” or “malware-free.” For example, if an application records audio during a phone call, it may be malware. However, the user may want to use such an application to record phone calls for archival and benign purposes. A key challenge for automated program analysis tools is determining whether or not that behavior is actually desired by the user (i.e., user expectation). This talk presents recent research progress in exploring user expectations in mobile app security.

winglam-pictureTowards Preserving Mobile Users’ Privacy in the Context of Utility Apps
Wing Lam, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
March 1, 2016, 4:00 p.m., B02 Coordinated Science Lab

Abstract: A variety of valuable mobile utility apps heavily rely on collecting a user’s app usage data to carry out their promised utilities and enhance user experiences. A part of such app usage data often contains security-sensitive information. Thus, an important and challenging issue arises: how to balance between the user’s privacy and the utility app’s utility functionality. Towards addressing the issue, we propose a new privacy framework that combines techniques of runtime sensitive-information detection, utility-impact analysis, privacy-policy compliance checking, and balanced data anonymization to enable a third-party app to determine what original values to keep in sanitized data in order to deliver a desirable level of utility efficacy.

Zhenqi Huang PhotoYuWangDifferential Privacy, Entropy and Security in Distributed Control of Cyber Physical Systems  slides | video
Zhenqi Huang, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
Yu Wang, Research Assistant, Mechanical Science and Engineering, University of Illinois at Urbana-Champaign
April 26, 2016, 4:00 p.m., B02 Coordinated Science Lab

Abstract: The concept of differential privacy stems from the study of private query of datasets. In this work, we apply this concept to discrete-time, linear distributed control systems in which agents need to maintain privacy of certain preferences, while sharing information for better system-level performance. The system has N agents operating in a shared environment that couples their dynamics. We show that for stable systems the performance grows as O(T3/Nε2), where T is the time horizon and ε is the differential privacy parameter. Next, we study lower-bounds in terms of the Shannon entropy of the minimal mean square estimate of the system’s private initial state from noisy communications between an agent and the server. We show that for any of noise-adding differentially private mechanism, then the Shannon entropy is at least nN(1−ln(ε/2)), where n is the dimension of the system, and t he lower bound is achieved by a Laplace-noise-adding mechanism. Finally, we study the problem of keeping the objective functions of individual agents differentially private in the context of cloud-based distributed optimization. The result shows a trade-off between the privacy of objective functions and the performance of the distributed optimization algorithm with noise.

phuong caoPreemptive Intrusion Detection – Practical Experience and Detection Framework  slides | video
Phuong Cao, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
May 3, 2016, 4:00 p.m., B02 Coordinated Science Lab

Abstract: Using stolen or weak credentials to bypass authentication is one of the top 10 network threats, as shown in recent studies. Disguising as legitimate users, attackers use stealthy techniques such as rootkits and covert channels to gain persistent access to a target system. However, such attacks are often detected after the system misuse stage, i.e., the attackers have already executed attack payloads such as: i) stealing secrets, ii) tampering with system services, and ii) disrupting the availability of production services.

In this talk, we analyze a real-world credential stealing attack observed at the National Center for Supercomputing Applications. We show the disadvantages of traditional detection techniques such as signature-based and anomaly-based detection for such attacks. Our approach is a complement to existing detection techniques. We investigate the use of Probabilistic Graphical Model, specifically Factor Graphs, to integrate security logs from multiple sources for a more accurate detection. Finally, we propose a security testbed architecture to: i) simulate variants of known attacks that may happen in the future, ii) replay such attack variants in an isolated environment, and iii) collect and share security logs of such replays for the security research community.