Science of Security Speaker Series: Grand Research Challenges for Cybersecurity of Critical Information and Infrastructures

  • Posted on April 13, 2017 at 3:15 pm
  • Categorized Events.

Paulo Esteves-Verissimo, University of Luxembourg
April 28, 2017, 4:00 p.m., B02 Coordinated Science Laboratory


Abstract: Computing and communications infrastructures have become commodities which societies largely depend on, transacting huge quantities of data and exhibiting pervasive interconnections, sometimes in critical conditions. However, the actual magnitude that security and dependability risks may assume is often misperceived. The information society has been assuming risk behaviours, without the adequate protection. Many stakeholders, not only end-users but vendors, service providers, public administrations and — what may be surprising — even governments, seem to ignore those risks, in different ways.

Yet, as will be shown in the talk, the problem should be obvious from the symptoms that have lately seen the light. Threats are every day more powerful, massive or targeted attacks and advanced persistent threats entered the situational awareness agenda of nations. However, systems remain flaky, sometimes seemingly intentionally, vulnerabilities persist, and partial and/or specific fixes imperfectly mend what are sometimes global problems. Grand challenges deserve grand solutions, and so the talk will conclude along two lines of discussion, as a contribution to the debate on science of cybersecurity: effective strategies for cybersecurity are in dire need; advanced research breaking with traditional paradigms is required.

Bio: Paulo Esteves-Veríssimo is a Professor and FNR PEARL Chair at the University of Luxembourg Faculty of Science, Technology and Communication (FSTC), since fall 2014, and head of the CritiX lab (Critical and Extreme Security and Dependability) at SnT, the Interdisciplinary Centre for Security, Reliability and Trust at the same University. He is adjunct Professor of the ECE Dept., Carnegie Mellon University. Previously, he has been a Professor of the Univ. of Lisbon, member of the Board of the same university and Director of LaSIGE. Veríssimo is Fellow of the IEEE and Fellow of the ACM, and he is associate editor of the IEEE Transactions on Computers. He is currently Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-Chair of the Steering Committee of the IEEE/IFIP DSN conference. He is currently interested in secure and dependable distributed architectures, middleware and algorithms for: resilience of large-scale systems and critical infrastructures, privacy and integrity of highly sensitive data, and adaptability and safety of real-time networked embedded systems. He is author of over 180 peer-refereed publications and co-author of 5 books.

Science of Security Speaker Series: Conceptual Models of Reliability of Fault-tolerant Software Under Cyber-attacks

  • Posted on March 30, 2017 at 10:48 am
  • Categorized Events.

Peter Popov, City, University of London
March 23, 2017, 2:00 p.m., 141 Coordinated Science Laboratory


Abstract: This talk will present an approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture such as the 1-out-of-2 software, popular to build industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and “cleansing” under different adversary models ranging from independent attacks on the channels to sophisticated synchronized attacks on the channels. The studies demonstrate that the effect of attacks on reliability of diverse software is significantly affected by the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of the effectiveness of cyber-security controls.

Bio: Peter Popov is Reader in the Centre for Software Reliability, City, University of London, United Kingdom. He joined the Centre in 1997 after a career in industry and in the Bulgarian Academy of Sciences. He was a visiting scientist at LAAS, Toulouse, France and at the University of Illinois at Urbana-Champaign and currently at Duke University.

Joint Trust and Security/Science of Security Speaker Series: Computer Security, Privacy, and User Expectations: Case Studies in Web Tracking and Application Permissions

  • Posted on September 16, 2016 at 3:04 pm
  • Categorized Events.

Franziska Roesner, University of Washington
October 18, 2016, 2:00 p.m., B02 Coordinated Science Laboratory


Abstract: As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. My work focuses on investigating computer security and privacy challenges for end users of existing and emerging technologies, and designing and building new systems that better match user expectations. This talk will describe two case studies. First, I will discuss our work on studying the web tracking ecosystem, including a longitudinal study from 1996-2016 and the design of a new defense. I will then describe user-driven access control, a model for granting permissions to applications in modern operating systems that works by extracting permission information from natural user actions. Our recent work enables user-driven access control even for unmodified operating systems. Finally, I will briefly describe our ongoing work on security for emerging augmented reality platforms and security for journalist-source communications.

Bio: Franziska (Franzi) Roesner is an Assistant Professor in Computer Science and Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses on understanding and improving computer security and privacy for end users of existing and emerging technologies, including the web, smartphones, and emerging augmented reality and IoT platforms. Her work on application permissions in modern operating systems received the Best Practical Paper Award at the IEEE Symposium on Security and Privacy, her early work on security and privacy for augmented reality was featured on the cover of the Communications of the ACM magazine, and her defense for tracking by social media widgets on the web was incorporated into the Electronic Frontier Foundation’s Privacy Badger tool. She received her PhD from the University of Washington in 2014 and her BS from the University of Texas at Austin in 2008.

Science of Security Speaker Series: Who Do I Think You Are? Challenges and Opportunities in Telephony Authentication

  • Posted on March 3, 2016 at 3:25 pm
  • Categorized SoS Speaker Series.

Patrick Traynor, University of Florida
April 12, 2016, 4:00 p.m., B02 Coordinated Science Laboratory


Abstract: Telephones remain a trusted platform for bootstrapping and conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between disparate telephony systems, and in the general case it is impossible to be certain of the identity of the entity at the other end of a call. In this talk, we will investigate the rise of three classes of attacks that are the direct result of such poorly placed trust. I begin with an investigation of the ways in which phone numbers are being used as strong authenticators for Internet-based systems (i.e., phone verified account fraud). I will then discuss how associating call origins with specific users is difficult even for providers (i.e., simboxing). Lastly, I show how the lack of secure metadata leads to attacks on users (i.e., Caller-ID spoofing). We discuss how our research group is attempting to solve each of these problems, and the challenges that remain ahead.

Bio: Patrick Traynor is an Associate Professor in the Department of Computer and Information Science and Engineering (CISE) at the University of Florida. His research focuses on the security of mobile systems, with a concentration on telecommunications infrastructure and mobile devices. His research has uncovered critical vulnerabilities in cellular networks, made the first characterization of mobile malware in provider networks and offers a robust approach to detecting and combatting Caller-ID scams. He is also interested in Internet security and the systems challenges of applied cryptography. He received a CAREER Award from the National Science Foundation in 2010 and was named a Sloan Fellow in 2014.

Professor Traynor earned his Ph.D. and M.S. in Computer Science and Engineering from the Pennsylvania State University in 2008 and 2004, respectively, and his B.S. in Computer Science from the University of Richmond in 2002. After promotion and tenure in the School of Computer Science at Georgia Tech, he joined the University of Florida in 2014 as part of the UFRising Preeminence Hiring Program. He is the co-director of the Florida Institute for Cybersecurity (FICS) and is also a co-founder of Pindrop Security.

Science of Security Speaker Series: Secure Positioning: From GPS to IoT Applications

  • Posted on February 22, 2016 at 5:25 pm
  • Categorized Events.

Srdjan Capkun, ETH Zurich
March 30, 2016, 4:00 p.m., 2405 Siebel Center


Abstract: In this talk I will review security issues in today’s navigation and close-range positioning systems. I will discuss why GNS systems like GPS are hard to fully secure and will present novel solutions that can be used to improve the robustness of GNS systems to attacks. I will then show how a different design of a positioning system can enable secure positioning, but also that this requires solving a set of relevant physical- and logical-layer challenges. Finally I will present a design and implementation of a fully integrated IR UWB secure distance measurement (distance bounding) system that solves these challenges and enables secure distance measurement and secure positioning in IoT applications.

Bio: Srdjan Čapkun is a Full Professor in the Department of Computer Science, ETH Zurich and Director of the Zurich Information Security and Privacy Center (ZISC). He was born in Split, Croatia where he received his Dipl.Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998. He received his Ph.D. degree in Communication Systems from EPFL in 2004. Prior to joining ETH Zurich in 2006 he was a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles and an Assistant Professor in the Informatics and Mathematical Modelling Department, Technical University of Denmark (DTU). His research interests are in system and network security. He is a co-founder of 3db Access, a startup focusing on secure proximity-based access control.





Science of Security Speaker Series: Logjam: Diffie-Hellman, Discrete Logs, the NSA, and You

  • Posted on January 27, 2016 at 9:30 am
  • Categorized Events.

J. Alex Halderman, University of Michigan
February 9, 2016, 4:00 p.m., B02 Coordinated Science Lab

Abstract: Diffie-Hellman key exchange is a cornerstone of modern cryptography at the core of protocols like HTTPS and SSH.  Last year, collaborators and I discovered that Diffie-Hellman, as used in practice, is significantly less secure than widely believed. With the number field sieve algorithms, computing a single discrete log in prime fields is more difficult than factoring an RSA modulus of the same size. However, an adversary who performs a large precomputation for a prime $p$ can then quickly calculate arbitrary discrete logs in groups modulo that prime, amortizing the cost over all targets that share this parameter. Although this fact is well known among mathematical cryptographers, it seems to have been lost among practitioners.

Using these observations, we developed Logjam, an attack on TLS in which a man-in-the-middle can downgrade a connection to 512-bit “export-grade” Diffie-Hellman. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We found that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers have been changed to reject short groups.

In the more widespread case of 1024-bit Diffie-Hellman, we estimate that discrete log computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. A small number of fixed or standardized groups are used by millions of servers, and we estimate that performing precomputation for a single 1024-bit group would allow passive eavesdropping on about 18% of popular HTTPS sites, and a second group would allow decryption of traffic to about 66% of IPsec VPNs and 26% of SSH servers. We conclude that the security community should prioritize moving to stronger key exchange methods.

Bio: J. Alex Halderman is an Associate Professor of Computer Science and Engineering at the University of Michigan and Director of Michigan’s Center for Computer Security and Society. His interests include computer and network security, Internet security measurement, censorship resistance, and electronic voting, as well as the interaction of technology with law and international affairs. Named one of Popular Science’s “Brilliant 10” for 2015, his recent projects include ZMap, Let’s Encrypt, and the Telex censorship resistance system.

Science of Security Speaker Series: Security at Scale

  • Posted on October 19, 2015 at 1:46 pm
  • Categorized Events.

Niels Provos, Google, Inc.
November 13, 2015, 10:00 a.m., B02 Coordinated Science Lab

Abstract: Security continues to be a challenging problem. After decades of research, we’re still struggling with vulnerabilities, human and machine, and their exploitation. Solving security requires looking at the problem holistically, and explicitly including the human component. In this talk, I’ll be discussing some of the security challenges we encounter at Google: from Unwanted Software, across encrypting HTTP everywhere, to strong authentication. The focus will be on what we found works in practice, and some of the lessons we have learned.

Bio:  Niels Provos is a Distinguished Engineer in Google’s Infrastructure Security group where he is responsible for security engineering. His interests span a wide range of security topics including malware and cloud security. He received a Ph.D. from the University of Michigan in 2003. When not working with computers, he forges steel into swords.

SoS Speaker Series: Methods and Characteristics of Fraud in Online Advertising

  • Posted on September 8, 2015 at 1:05 pm
  • Categorized Events.

Paul Barford, University of Wisconsin, Madison
October 16, 2015, 10:00 a.m., B02 Coordinated Science Lab


Abstract:  The diversity of entities and complexity of mechanisms involved in the delivery of online display and video advertisements lead to a variety of opportunities for fraudsters.  Recent reports by estimate online fraud in the hundreds of millions of dollars annually.  In this talk, I will provide an overview of the online ad eco-system.  I will describe the methods that are commonly used to commit ad fraud, and the basic approaches to detecting and mitigating fraud.  I will also describe a new type of ad fraud that we call domain laundering, which is quite subtle and takes advantage of the limitations in standard methods for ad placement attribution.  I will provide an overview of the mechanisms used to facilitate domain laundering along with case studies on three different instances of domain laundering that we have identified and diagnosed.  I will conclude with a discussion on approaches for enhanced identification and mitigation of online ad fraud including domain laundering.

Bio: Paul Barford is a professor of Computer Sciences at the University of Wisconsin-Madison. He is also the Chief Scientist at comScore, Inc. His research interests are in computer networking and communications, large data analytics, and Internet security. He was the founder of Nemean Networks (acquired by Qualys in ’10) and co-founder of MdotLabs (acquired by comScore in ’14). He has published over 100 research papers and has served on numerous national and international panels, editorial boards, organizing committees, and program committees. He has an NSF CAREER award, several best paper awards and is a Distinguished Member of the ACM and a Senior Member of the IEEE.

SoS Speaker Series: Seven Years of Mobile Smartphone Security

  • Posted on September 3, 2015 at 12:56 pm
  • Categorized Events.



Patrick McDaniel, The Pennsylvania State University
September 24, 10:00 a.m., B02 Coordinated Science Lab

Abstract: The introduction of smart phones in 2008 forever changed the way users interact with data and computation. These platforms and the network and cloud services supporting them have led to a renaissance of mobile computing. At the same time, changes in the nature of personal computing heighten concerns about security and privacy. Such concerns prompted an ongoing area of scientific study exploring smartphone and application security. Through these efforts, the technical community has become increasingly aware that applications can (and in many cases have) work against the user’s best interests and house new forms of malware.

This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first seven years of its existence. A retrospective view of how the community’s understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.

Bio: Patrick McDaniel is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, IEEE Fellow, and Chair of the IEEE Technical Committee for Security and Privacy. Dr. McDaniel is also the program manager and lead scientist for the newly created Cyber-Security Collaborative Research Alliance. Patrick’s research efforts centrally focus on network, telecommunications, systems security, language-based security, and technical public policy. Patrick was the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.


SoS Speaker Series: Thoughts on Retrofitting Legacy Code for Security

  • Posted on June 16, 2015 at 11:00 am
  • Categorized Events.


Somesh Jha, University of Wisconsin, Madison
April 2, 4:00 p.m., 301 Coordinated Science Lab

Abstract: Writing a complex but secure program is a near-impossible task for a conventional operating system. If an attacker compromises any module of a trusted program running on such a system, then the attacker can perform arbitrary operations on the system. However, if a program runs on a privilege-aware operating system, then the program can invoke system calls to explicitly manage the privileges of its modules, and thus minimize the abilities of an attacker. The developers of privilege-aware systems have rewritten complex programs to invoke such system calls to satisfy strong security properties. However, such systems have not been adopted by developers outside the development community of each system. Moreover, even the systems’ own developers often write programs for their system that they believe to be correct, only to realize later through testing that the rewritten program is insecure or does not demonstrate desired functionality of the original program.

In this talk we will examine the challenges in rewriting programs for privilege-aware systems, and present a tool, called a policy weaver, that rewrites programs for such systems automatically. Our policy weaver takes as input a program written for a conventional system and a small and declarative policy (i.e., a regular expression describing allowed program executions). The weaver outputs a version of the program that invokes system calls so that it satisfies the policy. The weaver reduces each rewriting problem to finding a correct strategy to a two-player automata-theoretic safety game. We describe our experience developing a policy weaver for the Capsicum privilege-aware operating system (now included in FreeBSD 9.0), and describe how a policy weaver for an arbitrary privilege-aware system can be constructed automatically by providing a declarative model of the system to a policy-weaver generator. I will conclude by describing some future work and encourage other researchers to work on some interesting problems on this topic.

Bio: Somesh Jha received his B.Tech from Indian Institute of Technology, New Delhi in Electrical Engineering. He received his Ph.D. in Computer Science from Carnegie Mellon University in 1996. Currently, Somesh Jha is a Professor in the Computer Sciences Department at the University of Wisconsin (Madison), which he joined in 2000. His work focuses on analysis of security protocols, survivability analysis, intrusion detection, formal methods for security, and analyzing malicious code.  Recently he has also worked on privacy-preserving protocols. Somesh Jha has published over 150 articles in highly-refereed conferences and prominent journals. He has won numerous best-paper awards. Somesh also received the NSF career award in 2005.