Tuesday, November 23, 2010

Microsoft TAP Interview w/ CyLab's Alessandro Acquisti



Microsoft TAP Interview w/ CyLab's Alessandro Acquisti

Technology – Academics – Policy (TAP), facilitated by Microsoft, is "a forum for academics leading the dialogue on the impact of technological innovation in the following areas: intellectual property, patents and licensing, cloud computing/software and services, competition policy and antitrust, economic growth and the knowledge economy, privacy and security."

Here is a recent TAP interview with Alessandro Acquisti, in two segments:



Tuesday, November 9, 2010

"Global Collaboration of a Dimension Rarely Seen" -- A Report from the InterACT Presidential Summit on the Globalized University


"We have brought together the seven member institutions of InterACT, to consider how InterACT is doing, what the benefits are to our institutions and what we might do more of moving forward ... It represents a global collaboration of a dimension that is rarely seen ..." Dr. Jared Cohon, President, Carnegie Mellon University

"Global Collaboration of a Dimension Rarely Seen" -- A Report from the InterACT Presidential Summit on the Globalized University

By Richard Power


Globalization and cyberspace are radically changing how we live, how we communicate, how we create, what we consume, where we work, as well as how we relate to allies and adversaries. For years, I have been writing and speaking about the profound impact of globalization and cyberspace on crime, war and espionage, along with the geopolitical struggle overarching them all.

So it was a pleasure to listen to a panel of university presidents and other leaders from major educational institutions throughout the world discuss their impact on education and research. The brighter the light, the less shadow there is; and common sense, as well our common humanity, tell us that global collaboration in education and research is one of the best of ways to increase the light, and thereby lesson the shadow.

How do you prepare students for this 21st Century world, so different from everything that came before it? How do you give them the edge? How do you prepare them to work together? How can you ensure that globalization is about building a new world instead of simply carving out the old one like a pumpkin? Hopefully, in the years to come, the International Center for Advanced Communications Technology (InterACT) will provide some powerful answers to these profound questions.

The event was part of a two-day InterACT Presidential Summit held at NASA Advanced Research Center in Mountain View, California, home of the Carnegie Mellon University Silicon Valley Campus (CMUSV).

InterACT is a joint center between seven of the leading institutions in the US, Europe and Asia:

Carnegie Mellon University, Pittsburgh and Silicon Valley, CA, USA
Hong Kong University of Science and Technology
Italian Institute of Technology, Genova, Italy
Karlsruhe Institute of Technology, Karlsruhe, Germany
National Institute of Information and Communications Technology, Tokyo, Japan
University of Southern California, Los Angeles, USA
Waseda University, Tokyo, Japan

Founded in 2004, the center is affiliated with the School of Computer Science at each institution.

And InterACT's mission? Train students, staff and faculty to operate in international research teams across multinational and multicultural boundaries. The center offers international exchange programs, seminars and academies and facilitates cross-national research projects. Research on technologies, processes and policies that facilitate and improve cross-cultural understanding, cross-lingual communication, transnational cooperation and collaboration.

Here are some of my notes from the Monday night "Presidential Panel" discussion.

In his welcoming remarks, the engaging Dr. Pete Worden, Director of NASA Ames, outlined not only the human space flight aspect of NASA's mission, but also other vital, although less widely understood aspects:

"We do science. And this has been a really neat few decades for science. We have revolutionized physics, largely due to discoveries made with various NASA space probes. We now understand that the matter we are made of is only three percent of the universe, so each new discovery shows we know less about the universe, and as a physicist that's job security so I love it, but it culminated in a great honor, a few years ago, with John C. Mather, a NASA civil service employee winning the Nobel Prize. It has been great to work at an agency where a government employee can win a Nobel Prize. The next couple of decades, I think, are going to be the decades for biology. That's a really exciting area, and we are looking for partnerships. How did life begin? Where else is it in the universe? And what's its future? We have right here at this center, one of the coolest missions, called Kepler; we're trying to find if there are Earth size planets around other stars ..."

"NASA also spends about a quarter of what it does to help people here on Earth ... We are trying to develop environmentally responsible aviation, lowering noise, lowering pollution, but most importantly steering away from carbon-based fuels, that's a really exciting area. At this center, we are also helping develop the next generation air traffic control system ... It is also largely a NASA mission's initiative that has been able to characterize global warming and climate change, this is an area that is extremely important; and in the next decade or so, we are going to be able to get site-specific climate prediction ..."

Prof. Dr. Alex Waibel of Carnegie Mellon University (CMU) and Karlsruhe Institute of Technology, the Director of InterACT, spoke on what InterACT is and what it is dedicated to accomplish:

"It is a somewhat unusual organization, or consortium, it's a network of universities that want to collaborate in preparing for a globalized future. Universities are by their definition and very nature typically local, and regional; they get funded by regional money, they are located in a regional area, and they teach local students -- traditionally. But the world is changing. We have spent the afternoon discussing the ways in which globalization and technologies really effect how we teach, and how universities will operate in the future. InterACT is a network of universities, so it it not export of education, it is universities that consider themselves top in the world, in different regions of the world, who collaborate and work together to do student exchanges, joint research projects, mutual faculty exchange, summer schools, and distinguished lectures, and thereby have a really active exchange between the best in the world, and in the major regions of the world. Our panel ... is the first time we have such a lucky constellation of getting the presidents of these top universities to come together in one place and actually discuss what this future would look like."

Dr. Ed Frank, an Apple Vice President, and also a member of the CMU Board of Trustees (as well as a CMU alumnus), moderated the august. The questions Frank framed and poised, included: What are your current efforts to prepare for globalization? How will technology change the mission of a research university, both in terms of how you teach and what you teach? What will be possible and when? What pieces of technology will allow us to change how we teach and how students learn?

Here are three of the seven responses to Frank's question on what the member institutions were doing currently to prepare for globalization, one from North America, one from Asia and one from Europe --

Dr. Jared L. Cohen, President of Carnegie Mellon University (CMU):

"In the last decade, Carnegie Mellon has become much more global than it ever was before. We are striving to become a global university, even though no one knows what that is. When we get there, we will discover it. We are so committed for two reasons: First, the world in which our current students will graduate is already highly connected; it is a global economy, they have to know how to work across cultures, and be comfortable moving from one culture to another. Therefore, our university should be global in its composition, and in what it does. Second, for the future of Carnegie Mellon University we have to be where the growth in economies and influence is taking place. And we have acted on these two ideas. Today, 30% of our students in Pittsburgh are international students (i.e., foreign passport carriers), that is one of the highest percentages for any university in America ... We now have campuses here [in Silicon Valley], in Doha, Qatar, and in Adelaide, Australia, with major programs in Portugal, Taiwan, Korea, Singapore, and we're working on Rwanda and India."

Prof. Dr. Katsuhiko Shirai, President of Waseda University:

"Our main effort toward globalization was to found a university over in Hong Kong, we are less than twenty years old, eighteen years I think, and we rank extremely high in all the fields we cover: science, technology and business. Ninety percent of the faculty came from North America. That's five hundred faculty. About fifty-five percent from the top twenty universities, if we include Oxford and Cambridge as North America. It is a one hundred percent English language university in a region which is obviously overwhelming Chinese-speaking. The internalization effort in regard to our student body has exploded; we have now more than twelve percent of the student body coming from mainland China, but we also have an exploding body of European and American students, not just exchange but full-time. We are very welcoming of programs such as InterACT and other international collaborations. This is the healthiest way to move forward in terms of globalization; and we are playing a unique role in greater China, in so far as we are a very American university, we are the only very American university in the region, and yet, we have very strong ties to both our colleagues on the mainland and of course our roots in the West. And we are hoping that programs such as InterACT can provide the bridge that will lower the barriers across the entire globe."

Prof. Dr. Horst Hippler, President of Karlsruhe Institute of Technology:

"Our university has always been a very international university. We have had twenty-five percent foreign students for a hundred years or more. But I understand the question a little bit differently. Internationalization or globalization. Internationalization is fine, being open for people from other parts of the world to come to your place. But how do you prepare your students and faculty for the new challenges of globalization. That is a little bit different. For this purpose we ... promote social competences and other things, before they go abroad, before they go to industry, so they are prepared, that they understand that the world is different than at home. Even if they have good friends from the international community of students going to a another country is a different event in your life, and what is very important is that we have a very good language school to prepare those students in many languages, before you go into a different country, you have to learn the language. English is fine, but for me English is something like a tool; but if you go to a different country that is not England, or America, or Australia, you should learn the basics of this language. Globalization has something to do with learning the difference of the cultures, and doing this very early. And that is a purpose of ours, at our university, that is how we are preparing for globalization."

At the conclusion of the far-ranging, hour-long discussion, Dr. Cohon, provided a summarizing statement on behalf of InterACT, as a whole:

"We have brought together the seven member institutions of InterACT, to consider how InterACT is doing, what the benefits were to our institutions and what we might do more of moving forward. The seven institutions strongly endorse InterACT. We believe it has been very successful, we believe that all of our institutions have benefited from it, and it has produced real results in the form of research, and education. It represents a global collaboration of a dimension that is rarely seen, but is growing rapidly, and we will provide a lot of leavening for others. We received very good presentations on four technology areas: speech and translation technology, mobility technology, robotics and educational technology, and then talked about what all of these four realms might mean for education and research in our institutions. We concluded that we have no doubt that these technologies have already started changing our institutions and they way we pursue our business, and will change them even more just in the ways we have heard discussed by the panel tonight. As a group of institutions we want to embrace this change, develop the technologies further, and I should say collectively our institutions are leaders in these areas of technology, which is a very good thing. We want to continue to be leaders. But we want also to pursue how we can use these technologies to improve our own institutions. One new theme, in particular, that we recommend to our faculty colleagues is to pursue a comparative research project, taking advantage of the fact that we are three institutions in Asia, two in Europe and two in the United States, and to try to understand how these technologies may play out differently in those different cultures, with a special focus on education technologies. This would be a good way to leverage this unique global collaboration, and I commit publicly to doing what we can to find the funding to support this ..."

Friday, October 15, 2010

7th Annual CyLab Partners Conference: Dan Geer on "Cyber Security as a National Policy Issue"

The United States ability to project power depends on information technology, and as such, cyber insecurity is the paramount national security risk. Dan Geer, CyLab Partners Conference, 9-29-10

7th Annual CyLab Partners Conference: Dan Geer on "Cyber Security as a National Policy Issue"

This is a brief excerpt from a presentation at the 7th Annual CyLab Partners Conference, held in at the Pittsburgh, PA. campus from September 29 through October 1, 2010.

The CyLab Partners Conference provides an opportunity for cyber security leaders in business and government to immerse themselves in the latest developments drawn from CyLab's world-class research program. It is a benefit of membership in CyLab Corporate Partners Program.

Full length videos of these talks, as well as a complete archive of researcher presentations, related student posters, etc. are available exclusively on the CyLab Partners Portal. Access to the Portal is given only to participants in the Partners Program.

For more information on how and why to become a CyLab Partners, visit CyLab Online at http://www.cylab.cmu.edu

7th Annual CyLab Partners Conference: Dena Haritos-Tsamitis on CyLab's Educational Mission



7th Annual CyLab Partners Conference: Dena Haritos-Tsamitis on CyLab's Educational Mission

This is a brief excerpt from a presentation at the 7th Annual CyLab Partners Conference, held in at the Pittsburgh, PA. campus from September 29 through October 1, 2010.

The CyLab Partners Conference provides an opportunity for cyber security leaders in business and government to immerse themselves in the latest developments drawn from CyLab's world-class research program. It is a benefit of membership in CyLab Corporate Partners Program.

Full length videos of these talks, as well as a complete archive of researcher presentations, related student posters, etc. are available exclusively on the CyLab Partners Portal. Access to the Portal is given only to participants in the Partners Program.

For more information on how and why to become a CyLab Partners, visit CyLab Online at http://www.cylab.cmu.edu

Friday, September 17, 2010

CyLab Seminar Video Excerpt: Lujo Bauer - Why Usability Can't Be Just Skin Deep



This CyLab You Tube Channel video is a brief excerpt from a CyLab Seminar featuring CyLab faculty member Lujo Bauer speaking on Why Usability Can't Be Just Skin Deep (2/22/10).

CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Seminar Video Excerpt: Anupam Datta - Modularity in Computer Security



This CyLab You Tube Channel video is a brief excerpt from a CyLab Seminar featuring CyLab faculty member Anupam Datta speaking on Modularity in Computer Security (2/22/10).

CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Seminar Video Excerpt: Bruno Sinopoli on Sensing, Estimation & Control of Cyber-Physical Systems



This CyLab You Tube Channel video is a brief excerpt from a CyLab Seminar featuring CyLab faculty member Bruno Sinopoli speaking on - Sensing, Estimation and Control of Cyber-Physical Systems(5/4/10).

CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Seminar Video Excerpt: Alessandro Acquisti on Frogs & Herds: Behavioral Economics, Malleable Privacy Valuations ...



This CyLab You Tube Channel video is a brief excerpt from a CyLab Seminar featuring CyLab faculty memner Alessandro Acquisti, speaking on Frogs and Herds: Behavioral Economics, Malleable Privacy Valuations, and Context-dependent Willingness to Divulge Personal Information (4/6/10).

CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

Friday, August 13, 2010

Voltaire Lives: A Report from USENIX Security Symposium 2010

Voltaire was one of several Enlightenment figures (along with Montesquieu, John Locke and Jean-Jacques Rousseau) whose works and ideas influenced important thinkers of both the American and French Revolutions. -- Wikipedia


Voltaire: A Report from USENIX Security Symposium 2010

By Richard Power


The 19th USENIX Security Symposium, held in Washington, D.C., delivered a high caliber program, engaging and commercial-free(er), just as I have come to expect from attending this event on a regular basis over the years.

It is always refreshing to attend a conference that's primary function isn't simply to serve as an excuse to hold a trade show, which are, of course, populated by sales personnel who don't understand what the products they are selling, let alone the problems those products are supposed to address (and usually don't).

Here are some of my notes from this year's Symposium.

Proving Voltaire Right

"Common sense is not so common." -- Voltaire (1694‐1778)

It isn't difficult to prove Voltaire right, of course. But civilization is just a little bit better off, whenever someone does. And as I am confident you have noticed, these days, civilization needs all the help it can get.

In his keynote talk, "Proving Voltaire Right: Security Blunders Dumber Than Dog Snot," Roger G. Johnston of Argonne National Laboratory, spoke about the work of the Lab's Vulnerability Assessment Team, "a multi-disciplinary team of physicists, engineers, hackers, and social scientists," and highlighted some fascinating evidence and powerful insights on blunders in numerous aspects of security, e.g., "while publishing guidelines encouraging Member States to conduct background checks on key personnel... The IAEA does no significant background checks on its own employees, including nuclear inspectors."

Johnston spoke of his team's research into GPS spoofing: "It's easy to do with widely available GPS satellite simulators," which can be "purchased, rented, or stolen" and are "not export controlled." "Many are surprisingly user friendly. Little expertise is needed (in electronics, computers, or GPS) to use them."

The easily realizable nature of GPS spoofing attacks, Johnston remarked, translates into a plethora of potential threats: "Crash national utility, financial, telecommunications and computer networks that rely on GPS for critical time synchronization. Steal cargo or nuclear material being tracked by GPS. Install false time stamps in security videos or financial transactions. Send emergency response vehicles to the wrong location after an attack. Interfere with military logistics (DoD uses civilian GPS for cargo). Interfere with battlefield soldiers using civilian GPS (against policy, but common practice anyway). Spoof GPS ankle bracelets used by courts and GPS data loggers used for counter-intelligence ..."

"The creativity of the adversary," Johnston added, "is the only limitation."

Another big security blunder Johnston focused in on was "Thinking Engineers Understand Security." Engineers, he observed, "work in solution space, not problem space ... They make things work but aren't trained or mentally inclined to figure out how to make things break. They view Nature as the adversary, not the bad guys. They tend to think technologies fail randomly, not by deliberate, intelligent, malicious intent. They are not typically predisposed to think like bad guys."

Johnston also articulated some of the wrong assumptions that undermine much of the work done in terms of vulnerability assessments (VA), including thinking that "there are a small number of vulnerabilities, that most or all can be found & eliminated, that vulnerabilities are bad news, and that a VA should ideally find zero vulnerabilities," and well as working with "modular VAs or other artificial constraints, using only security experts, not thinking like the bad guys and thinking the good guys get to define the problem."

Johnston gave a compelling presentation, and as a keynote, it was a bold counterpoint to one of the most technically driven conference agendas in the field of cyber security.

Best Paper and Best Student Paper Awards

A record number of papers were submitted, 207, one paper was withdrawn by the authors, three papers were withdrawn for double submission, and one was withdrawn for "outright plagiarism." So 202 papers went into consideration. There were two rounds of reviews; two reviews in each round. In the first round, 41 papers were rejected in the first round, leaving 161 for the second round. In the second round, each paper got three to five reviews. At the end of the second round, 76 papers advanced. After two days of conference, there were 38 papers remaining. Since only 30 papers could fit into the program, eight had to be rejected although worthy of presentation.

The USENIX Security Symposium's Best Student Paper Award went to Robert N. M. Watson, and Jonathan Anderson of University of Cambridge, and Ben Laurie and Kris Kennaway of Google UK Ltd., for "Capsicum: Practical Capabilities for UNIX."

The authors describe Capsicum as "a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9" and as "a practical capabilities extension to the POSIX API, and a prototype based on FreeBSD, planned for inclusion in FreeBSD 9.0."

"Our goal has been to address the needs of application authors who are already experimenting with sandboxing, but find themselves building on sand when it comes to effective containment techniques. We have discussed our design choices, contrasting approaches from research capability systems, as well as commodity access control and sandboxing technologies, but ultimately leading to a new approach. Capsicum lends itself to adoption by blending immediate security improvements to current applications with the long-term prospects of a more capability-oriented future. We illustrate this through adaptations of widely-used applications, from the simple gzip to Google’s highly-complex Chromium web browser, showing how firm OS foundations make the job of application writers easier. Finally, security and performance analyses show that improved security is not without cost, but that the point we have selected on a spectrum of possible designs improves on the state of the art."

The USENIX Security Symposium's Best Paper Award went to Sruthi Bandhakavi, Samuel T. King, P. Madhusudan and Marianne Winslett of the University of Illinois (Urbana Champaign) for "VEX: Vetting Browser Extensions for Security Vulnerabilities."

They describe VEX as "a framework for highlighting potential security vulnerabilities in browser extensions by applying static information-flow analysis to the JavaScript code used to implement extensions."

"Our main thesis is that most vulnerabilities in web extensions can be characterized as explicit flows, which in turn can be statically analyzed. VEX is a proof-of-concept tool for detecting potential security vulnerabilities in browser extensions using static analysis for explicit flows. VEX helps automate the difficult manual process of analyzing browser extensions by identifying and reasoning about subtle and potentially malicious flows. Experiments on thousands of extensions indicate that VEX is successful at identifying flows that indicate potential vulnerabilities. Using VEX, we identify three previously unknown security vulnerabilities and three previously known vulnerabilities, together with a variety of instances of unsafe programming practices."

And Yes, A CyLab Researcher Made Some Headlines

CyLab and Carnegie Mellon Silicon Valley researcher Collin Jackson is doing important work in the browser security and privacy space, and some of it bubbled up at this year's Symposium.

Here is brief excerpt from the Computerworld story, with a link to the full text:

Browsing in "private mode" isn't as private as users think, a researcher said today.
"There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to," said Collin Jackson, an assistant research professor at the Silicon Valley campus of Carnegie Mellon University. Jackson, along with three colleagues from Stanford University, will present their findings later today at the Usenix Security Symposium in Washington, D.C.
Internet Explorer (IE), Firefox, Chrome and Safari offer private browsing intended to cloak a user from Web sites and erase all browsing evidence from the PC or Mac.
Gregg Keizer, Browsers' private modes leak info, say researchers, Computerworld, 8-10-10

See Also

Android Security, Naked Keystrokes, Selling Viagra, Crying Wolf & More! -- A Report from the 18th USENIX Security Symposium (Montreal, 2009)

And Other CyBlog Conference Coverage ...

BlackHat USA 2010: How to Turn ATMs Into Jackpotted Slots, Basejump the GSM, Lift Malware Developer's Fingerprints & Face Our Existential Dilemma

SOUPS 2010: Insight into Usable Privacy & Security Deepens at 6th Annual Symposium

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure

CyLab Research has Powerful Impact on 2010 IEEE Security & Privacy Symposium

From Parking Meters to the Cloud, from SMS to Smart Grids ... Is Everything Broken? -- Report from Black Hat Briefings (Las Vegas 2009)

RSA 2010: Lost in the Cloud, & Shrouded in the Fog of War, How Far Into the Cyber Future Can You Peer? Can You See Even Beyond Your Next Step?

Reflections on SOUPS 2009: Between Worlds, Cultivating Superior Cleverness, Awaiting a Shift in Consciousness

RSA Conference 2009: Summary of Posts

Wednesday, July 28, 2010

BlackHat USA 2010: How to Turn ATMs Into Jackpotted Slots, Basejump the GSM, Lift Malware Developer's Fingerprints & Face Our Existential Dilemma






BlackHat USA 2010: How to Turn ATMs Into Jackpotted Slots, Basejump the GSM, Lift Malware Developer's Fingerprints & Face Our Existential Dilemma

By Richard Power


Flying into Las Vegas at dawn for the first day of BlackHat USA 2010, I once again felt the poignancy of this extraordinary place. From the original Ocean's Eleven (1960) to Martin Scorsese' Casino (1995), from Howard Hughes to Hunter S. Thompson, Las Vegas is the stuff of legends.

As I walked to the taxi stand, I wondered, which is more remarkable, the incredible heat and dryness of this desert, or the incredible flow of energy and water demanded to sustain this desert city?

And, of course, in Las Vegas, all around you, every moment of the day, the sun beats down, offering all the energy you would need to negate the heat it generates; and of course that energy is yet to be tapped.

Ah, the human folly.

Now the subject of human folly provides an excellent segue way to the cyber security scene here at the end of the first decade of the 21st Century.

In his opening remarks of Jeff Moss (the man who launched BlackHat way back when), made an important point: “We are all heads’ down, working on technical, specific problems. Everyone once in awhile it is probably a pretty good idea to get an idea about ‘what’s the bigger world we are all operating in, what is the larger context we do this for, is it for society, or your business, or your personal advancement? ... What security problems have we fundamentally solved? I can’t really think of any real big things we have killed. Can we send e-mail securely? I don’t think so. Can we write a packet securely? Can we browse the Web securely? No. But we’ve got 50,000 new vendors, and lots of widgets. I am trying to understand what is the incentive? How do we solve these larger problems that are so fundamental, the underpinnings of everything we do? For our country and for every country in the world the Internet is an engine for innovation and commerce. And yet , we do not seem capable of putting the energy forth to secure the fundamental underpinnings .. In whatever endeavor you are in I want you to think about how we can fix the underlying fundamentals."

Moss' creation, BlackHat continues to evolve, year after year, both as an important industry event and as an invaluable technical resource.

Here are some highlights from three of the sessions that I found compelling.

The Grugq, who lives in Thailand, and works as a senior security researcher for Singapore-based Coseinc, spoke on "Base Jumping: Attacking the GSM Baseband and Base Station."

The Grugq gave an overview of the GMS protocol and infrastructure, and then explained some GSM attacks: RACHell, in which the attacker floods the BSS with requests and prevents everyone from using that cell, IMSI Flood, in which the attacker overloads the HLR/VLR infrastructure, and prevents everyone from using the network, and IMSI DETACH, in which the attacker sends multiple Location Update Requests, including a spoofed IMSI, and prevent a SIM from receiving calls and SMS.

In his understated conclusions, Grugq observed: "GSM is no longer a walled garden. GSM spec has security problems. Expect many more issues as OSS reduces costs for entry."

Greg Hoglund of HBGary, Inc. spoke on "Malware Attribution: Tracking Cyber Spies and Digital Criminals."

Hoglund suggested that in a world where "the largest computing cloud" is "controlled by Conficker," we should be paying more attention to the creators of such malicious programs: "Attribution is about the human behind the malware, not the specific malware variants; and that the focus must be on human influenced factors."

He went on to show that on a spectrum of intelligence sources regarding the originators of malware, ranging from "nearly useless" (e.g., blacklists) to "nearly impossible" (physical surveillance/HUMINT), "Developer Fingerprints" (e.g.,"IDS signatures with long‐term viability") occupied a "Sweet Spot."

Hoglund offered some compelling evidence that malware attribution was "possible through forensic toolmarking combined with both open and closed source intelligence."

Barnaby Jack, Director of Research at IOActive Labs, spoke, to an overflowing audience, on "Jackpotting Automated Teller Machines Redux."

To loud laughter from the audience, Jack cited the disturbing words of Windows CE developer, Thomas Fenwick: “We were concerned about protection, but not about security. We weren’t trying to design an airtight system like Windows NT.”

Then Jack proceeded to take us step by step through turning a stand-alone ATM machine into the equivalent of a Vegas slot machine that had hit the jackpot, and highlighting the tools he has developed to do so, Scrooge, his own rootkit, and Dillinger, his own remote attack and administration tool, which allows for "management of unlimited ATMs."

By the end of Jack's stunning presentation, the two ATMs on the stage were spitting out dollar bills to uproarious applause.

What a compelling metaphor for the state of cyber security in the last year of the first decade of the 21st Century.

Jack offered some suggestions in terms of countermeasures, including "offer upgrade options on physical locks," and "implement trusted environment."

See Also

From Parking Meters to the Cloud, from SMS to Smart Grids ... Is Everything Broken? -- Report from Black Hat Briefings (Las Vegas 2009)

And Other CyBlog Conference Coverage ...

SOUPS 2010: Insight into Usable Privacy & Security Deepens at 6th Annual Symposium

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure

CyLab Research has Powerful Impact on 2010 IEEE Security & Privacy Symposium

RSA 2010: Lost in the Cloud, & Shrouded in the Fog of War, How Far Into the Cyber Future Can You Peer? Can You See Even Beyond Your Next Step?

Android Security, Naked Keystrokes, Selling Viagra, Crying Wolf & More! -- A Report from the 18th USENIX Security Symposium (Montreal, 2009)

Reflections on SOUPS 2009: Between Worlds, Cultivating Superior Cleverness, Awaiting a Shift in Consciousness

RSA Conference 2009: Summary of Posts

Sunday, July 18, 2010

TIW 2010: Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research" (6-9-10)

Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University (Part I)



Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University (Part II)



Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University (Part III)



Jonathan McCune for Adrian Perrig on "Software-Based Attestation: History, Constructions, Applications, Current State of Research," TIW 2010, 6-9-10, CyLab/Carnegie Mellon University (Part IV)



For more information on TIW 2010:

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure

CyLab Chronicles: A Report on TIW 2010

Trustworthy Infrastructure Workshop (TIW) 2010

TIW 2010: Research Workshop Panel Discussion - Adrian Perrig, Jonathan McCune. (6-9-10)

TIW 2010 Research Workshop Panel Discussion: Adrian Perrig, Jonathan McCune. 6-9-10, CyLab/Carnegie Mellon University



TIW 2010 Research Workshop Panel Discussion: Adrian Perrig, Jonathan McCune. 6-9-10, CyLab/Carnegie Mellon University (Part II)



TIW 2010 Research Workshop Panel Discussion: Adrian Perrig, Jonathan McCune. 6-9-10, CyLab/Carnegie Mellon University (Part III)



TIW 2010 Research Workshop Panel Discussion: Adrian Perrig, Jonathan McCune. 6-9-10, CyLab/Carnegie Mellon University (Part IV)



For more information on TIW 2010:

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure

CyLab Chronicles: A Report on TIW 2010

Trustworthy Infrastructure Workshop (TIW) 2010

TIW 2010: Virgil Gligor Delivers "A Challenge for Trustworthy Computing" (6-7-10)

Virgil Gligor, CyLab Director, issues "A Challenge for Trustworthy Computing" at TIW 2010 on the Carnegie Mellon Campus, in Pittsburgh, Pa., on 6-7-10. (Part I)



Virgil Gligor - Part II - Axioms (continued), (Ir)relevance of Virtualization to Humans



Virgil Gligor - Part III - (Ir)relevance of Security Kernels to Assurance, Conclusions



For more information on TIW 2010:

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure

CyLab Chronicles: A Report on TIW 2010

Trustworthy Infrastructure Workshop (TIW) 2010

Saturday, July 17, 2010

CyLab Business Risks Forum: Cormac Herley - "Everything You Know About Cybercrime is Wrong"



CyLab Business Risks Forum: Cormac Herley - "Everything You Know About Cybercrime is Wrong" (4-26-10)

This CyLab You Tube Channel video is a brief excerpt from a CyLab Business Risks Forum event featuring
Cormac Herley
, Principal Researcher at Microsoft Research, speaking on "Everything You Know About Cybercrime is Wrong."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Ed Stroz - "Manipulation of Digital Evidence in Investigations"



CyLab Business Risks Forum: Ed Stroz - "Manipulation of Digital Evidence in Investigations" (3-22-10)

This CyLab You Tube Channel video is a brief excerpt from a CyLab Business Risks Forum event featuring Ed Stroz of Stroz Friedburg, speaking on "Manipulation of Digital Evidence in Investigations."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Christoper Burgess - "Common Sense Approach to Social Media"



CyLab Business Risks Forum: Christoper Burgess - "Common Sense Approach to Social Media"(1-25-10)

This CyLab You Tube Channel video is a brief excerpt from a CyLab Business Risks Forum event featuring Christoper Burgess, co-author of Secrets Stolen, Fortunes Lost, and a Senior Security at Cisco Systems, speaking on "Common Sense Approach to Social Media."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Erin Kenneally - "Information Sharing vs. Privacy, Is it a Celebrity Death Match?"



CyLab Business Risks Forum: Erin Kenneally - "Information Sharing vs. Privacy, Is it a Celebrity Death Match?"(11-16-09)

This CyLab You Tube Channel video is a brief excerpt from CyLab Business Risks Forum: Erin Kenneally on "Information Sharing vs. Privacy - Is it a Celebrity Death Match?"

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Richard Power - "Starting Over After A Lost Decade; In Search of a Bold New Vision for Cyber Security"



CyLab Business Risks Forum: Richard Power - "Starting Over After A Lost Decade; In Search of a Bold New Vision for Cyber Security" 10-26-09

This CyLab You Tube Channel video is a brief excerpt from CyLab Business Risks Forum: Richard Power on "Starting Over After A Lost Decade; In Search of a Bold New Vision for Cyber Security."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Jennifer Bayuk - "Enterprise Security for the Executive: Setting the Tone From the Top"



CyLab Business Risks Forum: Jennifer Bayuk - "Enterprise Security for the Executive: Setting the Tone From the Top"(09-28-09)

This CyLab You Tube Channel video is a brief excerpt from CyLab Business Risks Forum: cyber security expert and author Jennifer Bayuk on "Enterprise Security for the Executive: Setting the Tone From the Top."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Rebecca Herold - Convergence of Information Security, Privacy and Compliance



CyLab Business Risks Forum: Rebecca Herold, "Convergence of Information Security, Privacy and Compliance" (2-23-09)

This CyLab You Tube Channel video is a brief excerpt from CyLab Business Risks Forum: Rebecca Herold of www.rebeccaherold.com on "Convergence of Information Security, Privacy and Compliance."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

CyLab Business Risks Forum: Mike Susong - Electronic Crime Ecosystem: Evolution from Cold War to Cold Cash



CyLab Business Risks Forum: Mike Susong - "Electronic Crime Ecosystem: Evolution from Cold War to Cold Cash" (1-26-09)

This CyLab You Tube Channel video is a brief excerpt from CyLab Business Risks Forum: Mike Susong of iSIGHT Partners on "Electronic Crime Ecosystem: Evolution from Cold War to Cold Cash."

The CyLab Business Risks Forum is a part of the CyLab Seminar Series.

Forum events feature guest speakers from business and government, invited by CyLab Distinguished Fellow, Richard Power.

CyLab Business Risks Forum and CyLab Seminar Series events are open to CyLab Partners and to Carnegie Mellon CyLab faculty and students.

Full-length recordings of these talks are available via the CyLab Partners Portal, and access to the Portal is only granted to participants in the CyLab Partners Program.

For more information on how and why to become a CyLab Partner, visit CyLab Online at http://www.cylab.cmu.edu.

Friday, July 16, 2010

SOUPS 2010: Insight into Usable Privacy & Security Deepens at 6th Annual Symposium

Carnegie Mellon students Richard Shay and Saranga Komanduri present on "Encountering Stronger Password Requirements: User Attitudes and Behaviors" at SOUPS 2010 (Photo credit: Lujo Bauer)


SOUPS 2010: Insight into Usable Privacy & Security Deepens at 6th Annual Symposium

By Richard Power


SOUPS 2010 is the sixth annual event, and the third one it has been my pleasure to cover. It is also the second year in a row that the event was held at one of the centers of true power in cyberspace; last year it was held at the Google campus in Silicon Valley, this year it was held at Microsoft campus in Redmond, Washington.

Adam Shostack, a program manager for Microsoft's Trustworthy Computing Initiative, gave the Invited Talk. Shostack's presentation was titled, "Engineers Are People, Too."

Cormac Herley and Dinei Florencio of Microsoft Research won the Best Paper Award for their "Where Do Security Policies Come From?

To give you a feeling and a sense for the nature of the research explored at SOUPS 2010, here are some brief excerpts from the papers presented on just one day:

Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices by Sara Motiee, Kirstie Hawkey and Konstantin Beznosov, University of British Columbia (Vancouver, B.C.):

All our participants used an admin account on their laptop. Although 71% had a partial understanding of the limitations and rights of each user account type, 91% of participants were not aware of the security risks of high-privilege accounts or the security benefi ts of low-privilege ones. Also, while 62% had experienced a low-privilege user account, they were not motivated to use it on their own laptops be- cause of the limitations they had faced using these accounts.

"Encountering Stronger Password Requirements: User Attitudes and Behaviors" by Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin and Lorrie Faith Cranor, Carnegie Mellon University (Pittsburgh, PA.):

Our results reveal flaws in NIST's assumptions. NIST bases its per-password entropy estimates on several assumptions that are inconsistent with our findings [2]. They assume users will create passwords of the minimum required length, but our results show an average length more than two characters above the minimum. NIST also assumes users will have the minimum number of special characters, but our participants frequently indicated using more. Over two-thirds of users who responded said they used more than the one required number. It would be useful to examine larger sets of passwords created under a variety of password policies to provide empirical data to improve the NIST guidelines.

"A Closer Look at Recognition-based Graphical Passwords on Mobile Devices" by
Paul Dunphy of Newcastle University (Newcastle upon Tyne, U.K.), Andreas Heiner and N. Asokan of Nokia Research (Helsinki, Finland):

Despite the increasing presence of biometrics for user authentication on consumer electronics e.g. laptops, knowledge-based authentication systems are likely to remain attractive due to being purely software-based solutions. Graphical password systems based on recognition potentially have a role to play in this area, due to accurate user performance in previous studies, including this one. One key limitation however, is that login durations recorded for our systems – and others – are still too long. User acceptance is often driven by convenience and login durations of approximately 20 seconds are unattractive to many users.

"Usably Secure, Low-Cost Authentication for Mobile Banking" by Saurabh Panjwani and Ed Cutrell of Microsoft India:

While the design of secure and usable authentication for banking applications is a well-studied problem in the developed world, applying the same solutions to developing-world mobile banking is a challenge, primarily due to the limited capacity of the phones available in these regions. Amongst all mobile banking providers in the world, EKO is unique ... In this paper, we have demonstrated a security weakness in EKO’s solution which causes the privacy of user PINs to be easily compromised. On the positive side, we have also shown an alternative solution which not only fixes this problem with EKO’s scheme but also improves its usability and user-friendliness. This is an absolute win-win situation for user-centric security design – better security with better usability. Our research has potential implications for banking in the developed world also. While ATM-based banking is claimed to offer secure 2-factor authentication, such claims have considerably weakened with the increasing incidence of skimming attacks in the recent past ...

"Two Heads are Better Than One: Security and Usability of Device Associations in Group Scenarios" by Ronald Kainda, Ivan Flechais and Andrew William Roscoe of Oxford University (Oxford, U.K.):

We have analysed, evaluated and compared methods for transferring ngerprints among devices for the purpose of bootstrapping security in group scenarios. While it has been believed that group settings may be more subject to failures during the association process compared to single user pair-wise associations, our findings show the converse to be true ...
Based on participants' feedback and video analysis, we concluded that in group settings security of device association is a function of a sum of efforts rather than weakest link. Data further revealed that users rarely read instructions before using a new system but learn as they 'get on with it.' Users also believe that a secure system must be complex and difficult to use. In addition we realised how contextualising laboratory studies can lead to richer data and responses from participants.


"Influence of User Perception, Security Needs, and Social Factors on Device Pairing Method Choices" by Iulia Ion and Srdjan Capkun of ETH Zurich (Zurich, Switzerland), Marc Langheinrich of University of Lugano (Lugano, Switzerland) and Ponnurangam Kumaraguru of IIIT Delhi (New Delhi, India):

Creating a technically secure and highly usable method is not always sufficient to meet users' needs. The method should also comply with users' security perception and be appropriate for the specific social situation.
1. Map perceived security to method guarantees: Designers should create methods whose actual security guarantees are consistent with users' perceived security. To achieve this, it might be necessary to introduce redundant steps, controls, cancel buttons, and double confirmations.
2. Include security by default: We detected several mismatches between users' mental models and system designs, which prove the need to include security by default when dealing with sensitive data, such as a customer entrusting a confidential financial report or a bank issuing a credit card. Also, our results show users' willingness to have security enabled by default.
3. Support several methods: Some users liked Take a picture very much and disliked Listen up, and others felt exactly the opposite. To account for diverse personal preferences, mobile devices should support a set of different pairing methods.
4. Account for social factors: No single method is adequate for all situations. Users are likely to bypass security before breaking social norms. Designers should provide appropriate methods for professional environments, public and private places, and interaction with friends or strangers. The user could, for instance, choose between several variants: meeting mode, quiet room mode, professional mode, play/fun mode, etc.


The full text of these papers, as well as the others presented at SOUPS 2010, are available from the event's official site; along with information on two workshops held: Usable Security Experiment Reports (USER) and Security & Privacy Usability Technology Transfer: Emerging Research (SPUTTER).

See Also

NSF Awards Grant for Privacy Study to CyLab Researchers Acquisti, Cranor and Sadeh

CyLab Chronicles: Q and A with Lorrie Cranor (2010)

Reflections on SOUPS 2009: Between Worlds, Cultivating Superior Cleverness, Awaiting a Shift in Consciousness

Glimpses into the Fourth Annual Symposium on Usable Security and Privacy (SOUPS 2008)

Monday, June 14, 2010

CyLab's Lorrie Cranor, Virgil Gligor & Lujo Bauer Contribute Support & Share Insights on Access Control at SACMAT 2010

Left to Right: Panelists Mike Reiter, Lorrie Cranor, Ravi Sandhu and Carl Gunter (SACMAT 2010)


CyLab's Lorrie Cranor, Virgil Gligor & Lujo Bauer Contribute Support & Share Insights on Access Control at SACMAT 2010

by Richard Power


Trusted Infrastructure Workshop (TIW) 2010 wasn't the only important research-oriented event that Carnegie Mellon CyLab was integrally involved in last week, it was also making a significant contribution to the 15th Association for Computing Machinery (ACM) Symposium on Access Control Models and Technologies (SACMAT 2010), being held downtown at the Marriott Renaissance Hotel.

Carnegie Mellon CyLab joined with Mobility, Data Mining and Privacy (MODAP), a project funded by the European Union (EU), and University of Pittsburgh Laboratory for Education and Research on Security Assured Information Systems (LERSAIS) to provide invaluable support for the ACM Special Interest Group on Security, Audit and Control (SIGSAC) sponsored event.

In addition to this organizational support, three CyLab team members participated in the SACTMAT program: CyLab Director Virgil Gligor delivered one of the keynotes, "Architectures for Practical Security," Lorrie Cranor, Director of the CyLab Usable Privacy and Security Lab (CUPS) joined in a panel on "Solving the Access-Control Puzzle: Finding the Pieces and Putting Them Together," and CyLab research faculty member Lujo Bauer served as one of the chairs for SACMAT 2010, and as a panel moderator.

CyLab Director Virgil Gligor keynoting at SACMAT 2010

SACMAT 2010 features presentations and discussions on issues and trends in Access Control, from "Towards Analyzing Complex Operating System Access Control Configurations" (Purdue University) to "Stateminer: An Efficient Similarity-Based Approach for Optimal Mining of Role Hierarchy" (University of Pittsburgh), and from "A Card Requirements Language Enabling Privacy-Preserving Access Control" (IBM Research Zurich) to An Access Control Model for Mobile Physical Objects (SAP Research).

In the panel on "Solving the Access-Control Puzzle: Finding the Pieces and Putting Them Together, Dr. Cranor shared her views with three other experts, Carl Gunter, University of Illinois at Urbana Champlain, Mike Reiter, University of North Carolina at Chapel Hill and Ravi Sandhu, University of Texas at San Antonio.

The panel's two moderators, CyLab's Lujo Bauer and Adam J. Lee, University of Pittsburgh, articulated three intriguing questions for the panelists to answer:

1. "What are some new or currently emerging topics that show a lot of promise to shape either practice or research, or both, over the next five to ten years?"

2. "What are a couple of areas that would benefit from interaction, that have typically been studied separately, i.e., pair x and y within Access Control and come up with something greater than the sum of its parts?"

3. "What is something that is getting tired? What have we explored to death."


Here are a few brief excerpts from the panelists' responses:

Mike Reiter: "What I think needs to be done in this field is to provide some way in which the system can assist the user, by leveraging evidence in the system to guide policy management. It shocks me that in all the time we have been working on access control, the process that the average user faces is still remarkably manual."

Ravi Sandhu: "To the first question: in one word, we need more automation ...We need to pay much more attention to automation than we are doing ... Things that have been sufficiently mined, and should be set aside: there was no shortage of things to put up here, but I thought it would be provocative to say SE Linux, on which I believe the US government has wasted a tremendous amount of taxpayer money, and they should stop doing it!"

Carl Gunther: "We have a number of access control models that people are very happy with, that they have done a lot of work with, and that have been shown to have some widespread applicability ... ABAC, RBAC, DTM. Yet, there is another level of work that has fallen short, and that requires more attention, a level that is different from what these models address, I will call it broadly 'process support for identity access management."

Lorrie Cranor: "A research area that requires more attention? Well, I would say that is access control with usability. A research area that has been sufficiently mined, and can be set aside? I would say that would be pretty much anything involving access control without usability. And two research areas that should be studied jointly? Well, pretty much anything you want as long as it is combined with usability."

CyLab's Lujo Bauer, one of the chairs of SACMAT 2010

Saturday, June 12, 2010

Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure


Notes on TIW 2010: The Builders & Building Blocks of Trustworthy Infrastructure

by Richard Power


Organized by Carnegie Mellon CyLab, co-sponsored by HP Labs and AMD, and the National Science Foundation (NSF), the second annual Trusted Infrastructure Workshop (TIW) was held on the main Carnegie Mellon campus in Pittsburgh, Pennsylvania (6/7/10-6/11/10).

Attending TIW is not for the faint-hearted, or weak-minded.

For fifty plus hours, over four and a half days, TIW participants were immersed in an ambitious agenda, including both research workshops, ranging from "Trusted Infrastructure Problem Space and Challenges" (led by HP Labs' Boris Balacheff) to “Chains of Trust and Dynamic Measurements (led by CyLab Research Director Adrian Perrig) and practical hands-on laboratory sessions, ranging from “TPM” (led by IBM’s Ken Goldman) to “Dynamic Roots of Trust” (led by CyLab’s Jonathan McCune).


TIW 2010 also featured presentations by experts from government, industry and academia (e.g., Microsoft’s Paul England on “TPM.Next”, HP's Mauricio Sanchez on Trusted Networking for Next Generation Data Center, and Wave's Robert Thibadeau on Storage Security) as well as several “Trustworthy Computing 101” sessions, (e.g., CyLab’s Bryan Parno on Bootstrapping Trust 101”).

Here are some glimpses into the compelling content of TIW 2010:

Notes on TIW 2010: Hands On, Practical Lab Exploring Roots of Dynamic Trust, Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

Notes on TIW 2010: Q & A with Boris Balacheff of HP Labs & Ron Perez of AMD Articulate the TIW Vision

Notes on TIW 2010: CyLab Director Virgil Gligor Issues "A Challenge for Trustworthy Computing"

Notes on TIW 2010: CyLab's Bryan Parno on Bootstrapping Trust 101

NOTE: We will be posting video from several TIW 2010 sessions to CyBlog, so stay tuned.

Notes on TIW 2010: Hands On, Practical Lab Exploring "Roots of Dynamic Trust," Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

From left to right: Adrian Perrig, Markus Jakobsson, Yanlin Li and Jonathan McCune


Notes on TIW 2010: Hands On, Practical Lab Exploring "Roots of Dynamic Trust," Spirited Research Workshop on "Chains of Trust & Dynamic Measurement"

By Richard Power


Much of what is most meaningful at TIW takes place beyond the one-dimensional surface of PowerPoint presentations, and outside the limited model of an active speaker and an audience of passive attendees, who are allowed five or ten minutes for Q and A at the end of the session.

Instead, TIW emphasizes practical, hands-on labs and engaging, in-depth research workshops. The labs provide an invaluable opportunity to immerse oneself in not only the lore but the experience of utilizing real-world tools and performing actual tasks. The research workshops encourage lively debate and the free exchange of ideas and insights

For example, in the "Roots of Dynamic Trust" Lab, led by CyLab's Jonathan McCune, TIW participants were provided with instructions on how to enable TX in BIOS, invoke a Flicker session, understand the PCR contents and reconstruct the PCR values, using either one of the HP EliteBook 8530p laptops supplied for the Lab sessions, or if they preferred their own laptops.

McCune also led two Research Workshops, one on "Chains of Trust & Dynamic Measurements" (with Adrian Perrig) and the other on "Toward Practical Attestation."

In "Chains of Trust & Dynamic Measurements," Perrig and McCune offered some insights on "Software-Based Attestation: History, Constructions, Applications, and Current State of Research."

The goal of Software-Based Attestation, as Perrig articulated it in his presentation, is to achieve a dynamic root of trust without hardware support.

McCune elaborated.

"What is the problem we are trying to solve here? Let's take it from the perspective of a user, interacting with a laptop. You ask the question, "Is my computer secure?" When you type in a web site address, and it loads, it is difficult to know with certainty that you are not interacting with some spoofed, or root-kitted, or maliciously virtualized platform that just happens to look like your intended platform. Ultimately, what we would like to achieve is to get a concrete answer, "Yes, my computer is doing what it was intended to be doing.

"So an interesting mechanism that can enable these types of properties is something called a dynamic root of trust. It has been added to some hardware platforms from AMD and Intel over the last few years, and it is realized as a CPU instruction, and it validates the fact that these are complex instruction set computers. But it is intended to create a secure execution environment and enable the bootstrapping of a trustworthy execution environment; a lot of the documentation will suggest that you might load a virtual machine monitor, but really it is fairly unconstrained.

"This instruction does all of these operations atomically, and this is atomically from the perspective of executing software ... We have already heard about the Trusted Platform Module (TPM), and the Platform Configuration Registers (PCR), and their abilities to store measurements of software.

"But we have talked about these measurements as a chain, a long chain beginning at some point in the boot process. But what we are actually going to be able to do with the dynamic root of trust is re-set a select sub-set of the Platform Configuration Registers, and we are going to re-set these to indicate that this special event has taken place, that we have somehow changed the state of the processor in a way that tells us something about the security of the system ..."

In his presentation, Perrig enumerated the "exciting properties" of software-based attestation:

Attestation on legacy systems

Attestation without secrets!

Already applicable in many environments


He also highlighted some open research challenges:

Architecture-independent verification function

Provable properties

High time difference between attack and legitimate function


Next, CyLab's Yanlin Li spoke on "SBAP: Software-Based Attestation for Peripherals,"

After Li, Markus Jakobsson of FatSkunk spoke on "Practical and Provably Secure Software-Based Attestation" for the mobile environment.

Using these three presentations as a starting point, Perrig, McCune, Li and Jakobsson were joined by CyLab Director Virgil Gligor to interact with TIW participants in a rousing dialogue on wide range of issues in Trustworthy Computing in general, and the subject matter of the presentations in particular.

NOTE: We will be posting video from this and a few other TIW 2010 sessions to CyBlog, so stay tuned.

Notes on TIW 2010: Q & A with Boris Balacheff of HP Labs & Ron Perez of AMD Articulate the TIW Vision


Notes on TIW 2010: Q & A with Boris Balacheff of HP Labs & Ron Perez of AMD Articulate the TIW Vision

By Richard Power


What do you see as the purpose and significance of TIW?

Ron Perez, AMD: “Cybersecurity education is increasingly recognized as a critical requirement at every level of the public and private sector. You have to look no further than the White House and its Comprehensive National Cybersecurity Initiative, which calls for expanded cybersecurity education. The focus of TIW is on education, cybersecurity education. We explore and introduce students and participants from both industry and government to the existing body of research and solution building blocks in the trusted infrastructure space, as well as the significant challenges that remain to be solved. The goal is of course is to spread knowledge and encourage further research and development in this very important area which includes everything from securing your personal computing devices all the way to securing the critical infrastructure which provides services to billions of people and is increasingly the foundation on which national economies depend. The significance of this event will ultimately be measured in the reliability and resiliency of our information technology infrastructure, and our ability to use technology to serve our needs and make our lives better and safer.”

Boris Balacheff, HP Labs: "The Trusted Infrastructure Workshop (TIW) is intended as an open collaboration, education and innovation platform to bring together researchers and expert technologists from across industry, academia, and government alike. Research in Trusted Infrastructure is key to addressing today's need for information system security that we can trust in a global connected world. But one major challenge in this field lies in the interdisciplinary nature of the research involved to truly advance our ability to build secure, manageable and assured IT infrastructure solutions: from distributed systems to software engineering and software assurance, from hardware architectures to operating systems design, from information management to network design, from user studies to man-machine interface design, the field of trusted infrastructure research requires expertise from across the traditional computing community. It has been a very rich experience to found TIW with CyLab and other partners, and I am very excited to see it flourish. HP Labs Systems Security Lab is committed to rising to these challenges for trusted infrastructure innovation, and my involvement in founding the European Trusted Infrastructure summer school (ETISS - www.etiss.org), and now the TIW, reflect that commitment.”

How would you articulate the big issues that TIW 2010 addressed?

Perez: “Although we have been working in this problem space for decades, there remain many significant security related challenges to be addressed. The ability to establish trust in computers which you do not control and sometimes cannot even see is central to addressing many of these challenges. Whether it is having confidence in the security and privacy of data that is stored or processed in the cloud, the security and privacy of your own medical records and financial accounts, or securely interacting and conducting business with remote colleagues and businesses over the internet, establishing and maintaining trust that these systems are secure and perform only the functions for which they were designed is critical for continued progress and prosperity.”

Could you give me a brief description of the concept and format of the lab portions of the workshop?

Balacheff: “A challenge for TIW is to cater to multiple constituencies, and be attractive to both graduate students, researcher, and expert technologists. I think that TIW, like ETISS, are unique in the way that they offer a mix of research workshops, birds of a feather sessions, advanced lectures, as well as hands-on practical labs in a very focused week. Our goal is to support and bring together experts and newcomers in the different research domains whose collaboration are key to Trusted Infrastructure innovation. After five years of ETISS summer schools, and the second year of running the TIW workshop, I am excited to see the community come together and open collaboration in research develop between academia and industry around those events."

Perez: “TIW is designed to introduce participants to wide range of research and technologies encompassing the entire information technology space in a one week immersive setting. This includes exploration of security for the hardware and software stacks of common computing systems as well as the interaction of those systems in a distributed environment. We include lectures from leading researchers and technologists in various fields including secure hardware, storage, networking, operating systems, virtualization and cloud computing. We conduct laboratory exercises with existing technology building blocks, designed to give participants hands-on experience with existing technologies. We also have several sessions set aside to discuss challenges and promising research in a format that includes short presentations and interactive panel discussions designed to stimulate the workshop participants and encourage them to explore on their own after the workshop. And finally, we provide an environment where students from over twenty five different educational institutions can meet, get to know, and exchange ideas with each other as well as with many others from various companies and government agencies. It is our hope that the networks and relationships formed or started at TIW will result in innovative breakthroughs down the road.

What do you think is/are the most important take-away(s)from this workshop?

Perez: There are many important take-aways from this workshop, so it's difficult to identify the most important. For example, it's important that the students and other participants know that industry and government care about research and development that advances progress in this very critical area. It's important that they understand the bigger picture and how their own interests and research fits into the overall goals. It's important for them to know that the research opportunity space is large and growing, and there is plenty of room for them to make a significant difference and have positive impact on the current state. And it's important for them to know about the existing body of knowledge so that their own research leverages the work of others that came before them and they don't have to spend valuable time and effort re-inventing the wheel or discovering principles that are already well understood by other communities.”