Tuesday, May 18, 2010

CyLab Research has Powerful Impact on 2010 IEEE Security & Privacy Symposium

Samuel Langhorne Clemens (a.k.a. Mark Twain) in the lab of Nikola Tesla, spring of 1894.

CyLab Research has Powerful Impact on 2010 IEEE Symposium on Security & Privacy

By Richard Power

Thirty-one papers were presented at the thirty-first annual IEEE Symposium on Security and Privacy, held in Oakland, California (5/16/10-5/19/10); of those thirty-one papers, six were authored by CyLab researchers, offering powerful testimony to the relevancy of CyLab's research and its impact on current and future trends in security and privacy in cyberspace.

TrustVisor, Efficient TCB Reduction and Attestation: Jonathan McCune (Carnegie Mellon University), Yanlin Li (Carnegie Mellon University), Ning Qu (Nvidia), Zongwei Zhou (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Virgil Gligor (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University)

"We present TrustVisor, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application."

Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes: Haowen Chan, Adrian Perrig (Carnegie Mellon University)

"The new protocols avoid the high computation overhead of one-time signatures and multi-receiver MACs, as well as the time synchronization needed by TESLA. In terms of rounds of complexity and communication congestion, our protocols provide points in the design space that are not achievable by previously published protocols."

All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask): Thanassis Avgerinos, Edward Schwartz, David Brumley (Carnegie Mellon University)

"The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context."

A Proof-Carrying File System: Deepak Garg, Frank Pfenning (Carnegie Mellon University)

"We present the design and implementation of PCFS, a file system that adapts proof-carrying authorization to provide direct, rigorous and efficient enforcement of dynamics access policies."

Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size: Jason Franklin (Carnegie Mellon University), Sagar Chaki (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Arvind Seshadri (IBM Research)

"This paper develops a parametric verification technique that scales even when reference monitors and adversaries operate over unbounded, but finite data structures. Specifically, we develop a parametric guarded command language for modeling reference monitors and adversaries."

Bootstrapping Trust in Commodity Computers: Bryan Parno, Jonathan M. McCune, Adrian Perrig (Carnegie Mellon University)

"In this survey, we organize and clarify extensive research on bootstrapping trust in commodity systems. We identify inconsistencies (e.g., attacks prevented by various forms of secure and trusted boot) and commonalities (e.g., all existing attempts to capture dynamic system properties still reply in some sense on static, load-time guarantees) in previous work."

In addition to the six papers presented, two CyLab researchers (Jonathan McCune and David Brumley) chaired sessions, and a third, Collin Jackson, led a workshop.