TRUST Seminar Series

If you are visiting Cory Hall from off campus, please see the Visitor Information page.

To receive notification of future TRUST Seminar Series talks, please join either the trustlocal or the trustseminar workgroup.

(Most members of TRUST that are located to UC Berkeley should join the trustlocal workgroup instead of the trustseminar workgroup.)

Information on past TRUST Seminars is available here.

Fall 2008 TRUST Seminar Series

On the Fragility of Adversary Definitions in Cryptographic Protocols

Virgil Gligor, Carnegie Mellon University

1pm, Thursday, September 4, 2008, 540 A/B, Cory Hall

Abstract
Adversary definitions that have been successfully used in cryptography theory are fragile; i.e., restrictions placed on the adversary behavior can be circumvented in practice. Fragility is caused by mismatches between the computational models assumed by adversary definitions and the practical realities of large-scale networks, such as the Internet. For example, a large number of encryption/decryption oracles may be available to an adversary in practice when only single-oracle access is assumed in theory; or bounds on the number of attack queries that can be issued by an adversary in theory cannot be enforced in practice. I illustrate these mismatches with two examples of new PPT adversaries: a "concurrent" and a "network" adversary. In the first example, bounds placed on the number of attack queries launched by an adversary against password-based authenticated key exchange (PAKE) protocols whose security is proven in either the standard or the random oracle models, can be circumvented by multi-threaded, client-server models of computation in the Internet. (This is based on joint work with Taekyoung Kwon and Ji Sun Shin.) In the second example, I argue that a PPT adversary with access to a large, but bounded, number of different oracles can break encryption schemes that offer a very strong sense of security (i.e., schemes proved to be IND-CCA2 secure) can be broken with non-negligible probability. (This example is based on joint work with Bryan Parno.) I conclude that adversary definitions used in cryptographic-protocol analyses must come with "warning labels" regarding the models of computation assumed and the security vulnerabilities that might arise in practice when model mismatches arise. Good theory owes this to good practice.

Bio
Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees from the University of California at Berkeley. He taught at the University of Maryland between 1976 and 2007, and is currently a Professor of Electrical and Computer Engineering at Carnegie Mellon University. He was an Editorial Board member of the ACM Transactions on Information System Security, and several IEEE Transactions (i.e., Dependable and Secure Computing, Computers, and Mobile Computing) and he is currently the Ediro In Chief of IEEE TDSC. Over the past three decades, his research interests ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was awarded the 2006 National Information Systems Security Award jointly given by NIST and NSA in the US for his contributions to security research.

Spectator: detection and containment of JavaScript worms

Ben Livshits, Microsoft Research

1pm, Thursday, September 11, 2008, 540 A/B, Cory Hall

Abstract
Recent popularity of interactive AJAX-based Web 2.0 applications has given rise to a new breed of security threats: JavaScript worms. We propose Spectator, the first automatic detection and containment solution for JavaScript worms. Spectator performs distributed data tainting by observing and tagging the traffic between the browser and the Web application. When a piece of data propagates too far, a worm is reported. To prevent worm propagation, subsequent upload attempts performed by the same worm are blocked. Spectator is able to detect fast and slow moving, monomorphic and polymorphic worms with a low rate of false positives. In addition to our detection and containment solution, we propose a range of deployment models for Spectator, ranging from simple intranet-wide deployments to a scalable load-balancing scheme appropriate for large Web sites. We demonstrate the effectiveness and efficiency of Spectator through both large-scale simulations as well as a case study that observes the behavior of a real-life JavaScript worm propagating across a social networking site. Spectator is able to detect all JavaScript worms released to date while maintaining a low detection overhead for a range of workloads.

Bio
Ben Livshits is a researcher at Microsoft Research in Redmond, WA. He received a B.A. from Cornell University in 1999, and his M.S. and Ph.D. from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. He is known for his work on software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. Lately he has been focused on how Web 2.0 application reliability, performance, and security can be improved through a combination of static and runtime techniques.

TBA Angela Sasse, University College London

1pm, Thursday, September 18, 2008, 540 A/B, Cory Hall

Abstract

Bio

TBA Helen Wang, Microsoft Research

1pm, Thursday, September 19, 2008, 540 A/B, Cory Hall

Abstract

Bio

TBA Tzi-cker Chiueh, Symantec

1pm, Thursday, October 16, 2008, 540 A/B, Cory Hall

Abstract

Bio

TBA Frank McSherry, Microsoft Research

1pm, Thursday, September 23, 2008, 540 A/B, Cory Hall

Abstract

Bio

TBA Gene Tsudik, University of California, Irvine

1pm, Thursday, November 6, 2008, 540 A/B, Cory Hall

Abstract

Bio

TBA George Gross, University Illinois, Urbana-Champaign

1pm, Thursday, November 20, 2008, 540 A/B, Cory Hall

Abstract

Bio

Details about how the seminar is managed can be found at How is the TRUST Seminar managed?