Spring 2017 Joint Trust and Security/Science of Security Seminars

  • Posted on February 7, 2017 at 9:02 am by whitesel@illinois.edu.
  • Categorized Events.

Anonymity in the Bitcoin Peer-to-Peer Network
Giulia Fanti, Postdoctoral Research Associate, Coordinated Science Lab, University of Illinois at Urbana-Champaign
February 21, 2017, 4:00 p.m., CSL Auditorium (B02)

Abstract: Bitcoin enjoys a public perception of being a ‘privacy-preserving’ financial system. In reality, Bitcoin has a number of privacy vulnerabilities, including the well-studied fact that transactions can be linked through the public blockchain. More recently, researchers have demonstrated deanonymization attacks that exploit a lower-layer weakness: the Bitcoin peer-to-peer (P2P) networking stack. In particular, the P2P network currently forwards content in a structured way that allows observers to deanonymize users by linking their transactions to the originating IP addresses. In this work, we first demonstrate that current protocols exhibit poor anonymity guarantees, both theoretically and in practice. Then, we consider a first-principles redesign of the P2P network, with the goal of providing strong, provable anonymity guarantees. We propose a simple networking policy called Dandelion, which achieves nearly-optimal anonymity guarantees at minimal cost to the network’s utility.

CANCELLED: Combining Simulation and Emulation Systems for Smart Grid Planning and Evaluation 
Christopher Hannon, Graduate Research Assistant, Computer Science, Illinois Institute of Technology
February 28, 2017, 4:00 p.m., CSL Auditorium (B02)

Abstract: The successful operations of modern power grids are highly dependent on a reliable and efficient underlying communication network. Researchers and utilities have started to explore the opportunities and challenges of applying the emerging software-defined networking (SDN) technology to enhance efficiency and resilience of the Smart Grid. This trend calls for a simulation-based platform that provides sufficient flexibility and controllability for evaluating network application designs, and facilitating the transitions from in-house research ideas to real productions. In this paper, we present DSSnet, a hybrid testing platform that combines a power distribution system simulator with an SDN emulator to support high fidelity analysis of communication network applications and their impacts on power systems. Our contributions lie in the design of a virtual time system with the tight controllability on the execution of the emulation system, i.e., pausing and resuming any specified container processes in the perception of their own virtual clocks, with little overhead scaling to 500 emulated hosts with an average of 70 ms overhead; and also lie in the efficient synchronization of the two sub-systems based on the virtual time. We evaluate the system performance of DSSnet, and also demonstrate the usability through a case study by evaluating a demand response application.

Optimal Data Rate for State Estimation of Switched Nonlinear Systems
Hussein Sibai, Graduate Research Assistant, Coordinated Science Lab, University of Illinois at Urbana-Champaign
April 11, 2017, 4:00 p.m., CSL Auditorium (B02)

Abstract: State estimation is a fundamental problem for monitoring and controlling systems. Engineering systems interconnect sensing and computing devices over shared bandwidth-limited channels, and therefore, estimation algorithms should strive to use bandwidth optimally. We present a notion of entropy for state estimation of switched nonlinear dynamical systems, an upper bound for it and a state estimation algorithm for the case when the switching signal is unobservable. Our approach relies on the notion of topological entropy and uses techniques from the theory for control under limited information. We show that the average bit rate used is optimal in the sense that the efficiency gap of the algorithm is within an additive constant of the gap between estimation entropy of the system and its known upper bound. We apply the algorithm to two system models and discuss the performance implications of the number of tracked modes.

Joint Trust and Security/Science of Security Speaker Series: Computer Security, Privacy, and User Expectations: Case Studies in Web Tracking and Application Permissions

  • Posted on September 16, 2016 at 3:04 pm by whitesel@illinois.edu.
  • Categorized Events.

Franziska Roesner, University of Washington
October 18, 2016, 2:00 p.m., B02 Coordinated Science Laboratory

Abstract: As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. My work focuses on investigating computer security and privacy challenges for end users of existing and emerging technologies, and designing and building new systems that better match user expectations. This talk will describe two case studies. First, I will discuss our work on studying the web tracking ecosystem, including a longitudinal study from 1996-2016 and the design of a new defense. I will then describe user-driven access control, a model for granting permissions to applications in modern operating systems that works by extracting permission information from natural user actions. Our recent work enables user-driven access control even for unmodified operating systems. Finally, I will briefly describe our ongoing work on security for emerging augmented reality platforms and security for journalist-source communications.

Bio: Franziska (Franzi) Roesner is an Assistant Professor in Computer Science and Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses on understanding and improving computer security and privacy for end users of existing and emerging technologies, including the web, smartphones, and emerging augmented reality and IoT platforms. Her work on application permissions in modern operating systems received the Best Practical Paper Award at the IEEE Symposium on Security and Privacy, her early work on security and privacy for augmented reality was featured on the cover of the Communications of the ACM magazine, and her defense for tracking by social media widgets on the web was incorporated into the Electronic Frontier Foundation’s Privacy Badger tool. She received her PhD from the University of Washington in 2014 and her BS from the University of Texas at Austin in 2008.

Fall 2016 Joint Trust and Security/Science of Security Seminars

  • Posted on August 19, 2016 at 2:27 pm by whitesel@illinois.edu.
  • Categorized Events.

Spy vs. Spy: Anonymous Messaging over Networks
Giulia Fanti, Postdoctoral Research Associate, Coordinated Science Lab, University of Illinois at Urbana-Champaign
August 30, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Anonymous microblogging platforms, such as Whisper, Yik Yak, and Secret have emerged as important tools for sharing one’s thoughts without fear of judgment by friends, the public, or authorities. These platforms provide anonymity by allowing users to share content (e.g., short messages) with their peers without revealing authorship information to other users. However, recent advances in rumor source detection show that existing messaging protocols, including those used in the mentioned anonymous microblogging applications, leak authorship information when the adversary has global access to metadata. For example, if an adversary can see which users of a messaging service received a particular message, or the timestamps at which a subset of users received a given message, the adversary can infer the message author’s identity with high probability. We introduce a novel anonymous messaging protocol, which we call adaptive diffusion, that is designed to resist such adversaries. We show that adaptive diffusion spreads messages quickly while achieving provably-optimal anonymity guarantees for specific classes of connectivity networks. Simulations on real social network data show that adaptive diffusion effectively hides the location of the source on real-world networks.

Oreo: Transparent Optimization to Enable Flexible Policy Enforcement in Software Defined Networks
Santhosh Prabhu, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
October 11, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Commercial networks today have diverse security policies, defined by factors such as the type of traffic they carry, nature of applications they support, access control objectives, organizational principles etc. Ideally, the wide diversity in SDN controller frameworks should prove helpful in correctly and efficiently enforcing these policies. However, this has not been the case so far. By requiring the administrators to implement both security as well as performance objectives in the SDN controller, these frameworks have made the task of security policy enforcement in SDNs a challenging one. We observe that by separating security policy enforcement from performance optimization, we can facilitate the use of SDN for flexible policy management. To this end, we propose Oreo, a transparent performance enhancement layer for SDNs. Oreo allows SDN controllers to focus entirely on a correct security policy enforcement, and transparently optimizes the dataplane thus defined, reducing path stretch, switch memory consumption etc. Optimizations are performed while guaranteeing that end-to-end reachability characteristics are preserved – meaning that the security policies defined by the controller are not violated. Oreo performs these optimizations by first constructing a network-wide model describing the behavior of all traffic, and then optimizing the paths observed in the model by solving a multi-objective optimization problem. Initial experiments suggest that the techniques used by Oreo are effective, fast, and can scale to commercial-sized networks.

Automated Generation of Attack Signatures in Attack Graphs
Phuong Cao, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
November 1, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: In this talk, we investigate applications of Factor Graphs to automatically generate attack signatures from security logs and domain expert knowledge. We demonstrate advantages of Factor Graphs over traditional probabilistic graphical models such as Bayesian Networks and Markov Random Fields in modeling security attacks. We illustrate Factor Graphs models using case studies of real attacks observed in the wild and at the National Center for Supercomputing Applications. Finally, we investigate how factor functions, a core component of Factor Graphs, can be constructed automatically to potentially improve detection accuracy and allow generalization of trained Factor Graph models in a variety of systems.

Towards Privacy-Preserving Mobile Utility Apps: A Balancing Act
Dengfeng Li, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
November 29, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Among various types of mobile apps, mobile utility apps are increasingly becoming data-driven, and these apps tend to collect a significant amount of app usage data to carry out their promised utilities and enhance user experiences. A part of such app usage data often contains security-sensitive information. Thus, an important and challenging issue arises: how to balance between the user’s privacy and the utility app’s utility functionality. We propose techniques to enable users to determine what original values to keep in sanitized data in order to deliver a desirable level of utility efficacy. To accomplish our goal, we (1) incorporate user assistance for app exploration and abnormal-behavior detection, (2) support user validation of malicious-app candidates via program-repair techniques, and (3) sanitize users’ app usage data to balance between privacy preservation and utility efficacy.

Behavioral Analysis for Cyber Resilience
Ahmed Fawaz, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
December 6, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Systems and attacks are becoming more sophisticated; classical security methods are failing to protect and secure those systems. We believe that systems should be built to be resilient to attacks.  Cyber Resiliency is the protection strategy that will secure modern systems that control our critical infrastructure. Instead of perfectly protecting the system, a resilient system survives a cyber incident by detecting and containing attacks while maintaining service.

In this talk, we describe our proposed resiliency architecture that uses a model of the system to deploy monitors, estimate the state of the system using monitor data, and select responses to maintain service during attacks. Then we design the essential components of the said resiliency architecture for a multitude of systems including operating systems and hosts and enterprise networks. The components we build are monitor design, monitor view generation, fusion, and response. However, several practical and theoretical challenges hinder a cyber-resilient architecture. In particular, the architecture needs to deal with the plethora of monitoring with different semantics and time scales. Moreover, the system is dependent on the integrity of the monitoring data when estimating the state of the system. The integrity of the monitoring data is critical to making “correct” decisions that are not influenced by the attacker. Finally, the response mechanisms need to be proven effective in maintaining the resilience of the system. Proving such properties is particularly challenging because of the complexity of the systems. Our pieces address the challenges that face the cyber resiliency architecture.

First, we designed a host-level monitor, Kobra, that combines the various views of application behaviors into a signal, then learns the baseline of acceptable behaviors. We use the baseline for anomaly detection. Since our cyber resiliency architecture depends on the integrity of the monitoring data, we designed PowerAlert, an out-of-box integrity checker. PowerAlert uses CPU power measurements, measured using an external probe, to verify that the machine executed the check as expected. To prevent an attacker from evading PowerAlert, we use random initiation times and random integrity checking programs. Finally, we use Kobra’s host-level views to correlate events that happen in a network. First, we propose a fusion framework that enables us to fuse monitoring events for different sources. Then using the framework, we collect lateral movement chains across the network.  We form the chain using network causation events. Those causations are inferred using Kobra’s process communications view.

Trust and Security/Science of Security Seminar: Towards a Secure and Resilient Industrial Control System with Software-Defined Networking

  • Posted on February 23, 2016 at 10:25 am by amyclay@illinois.edu.
  • Categorized Events.

Dong (Kevin) Jin, Illinois Institute of Technology
March 15, 2016, 4:00 p.m., Coordinated Science Lab Auditorium (B02)

Abstract: Modern industrial control systems (ICSes) are increasingly adopting Internet technology to boost control efficiency, which unfortunately opens up a new frontier for cyber-security. People have typically applied existing Internet security techniques, such as firewalls, or anti-virus or anti-spyware software. However, those security solutions can only provide fine-grained protection at single devices. To address this, we design a novel software-defined networking (SDN) architecture that offers the global visibility of a control network infrastructure, and we investigate innovative SDN-based applications with the focus of ICS security, such as network verification and self-healing phasor measurement unit (PMU) networks. We are also conducting rigorous evaluation using the IIT campus microgrid as well as a high-fidelity testbed combining network emulation and power system simulation.

Bio: Dong (Kevin) Jin is an Assistant Professor in the Computer Science Department at the Illinois Institute of Technology. He obtained his Ph.D. in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign in 2013. His research interests include trustworthy cyber-physical critical infrastructures, simulation modeling and analysis, software-defined networking, and cyber-security. He received the best paper awards at the ACM SIGSIM Conference on Principles of Advanced and Distributed Simulation (PADS) in 2012 and 2015.