 |
|
 |
|
Security and Privacy Day: Program New Jersey Institute of Technology (NJIT) Friday, December 2, 2011 Campus Center Atrium
AbstractsSoftware self-healing Using REASSUREGeorge Portokalidis, Columbia University
Software errors are frequently responsible for the limited availability
of Internet Services, loss of data, and many security com- promises.
Self-healing using rescue points (RPs) is a mechanism that can be used to
recover software from unforeseen errors until a more permanent remedy, like
a patch or update, is available. We present REASSURE, a self-contained
mechanism for recovering from such errors using RPs. Essentially, RPs are
existing code locations that handle certain anticipated errors in the target
application, usually by returning an error code. REASSURE enables the use of
these locations to also handle unexpected faults. This is achieved by
rolling back execution to a RP when a fault occurs, returning a valid error
code, and enabling the application to gracefully handle the unexpected error
itself. REASSURE can be applied on already running applications, while
disabling and removing it is equally facile. We tested REASSURE with various
applications, including the MySQL and Apache servers, and show that it
allows them to successfully recover from errors, while incurring moderate
overhead between 1% and 115%. We also show that even under very adverse
conditions, like their continuous bombardment with errors, REASSURE
protected applications remain operational.
Justin Cappos, Poly-NYU
Software has bugs. In order to keep software secure, computers
download software updates to patch vulnerabilities in the running
software. Surprisingly, these software update systems are relatively
unstudied and are also widely insecure. Software update systems
often run with administrator privileges and retrieve code they will
execute or insert into running programs. This makes them a
high-value attack vector that is hard to protect using different
means. To make matters worse, it is challenging to build a secure
software update system. We have studied dozens of widely used
software update systems and discovered serious vulnerabilities and
limitations. Given there are tens of thousands of software update
system implementations by thousands of companies, it seems infeasible
to protect this attack vector. In this talk, we present a system
called TUF that addresses software update security in real world
environments.
Rosario Gennaro, IBM Research
In this talk I will present protocols that allow a computationally weak client to securely outsource arbitrary computations to a powerful server. Security in this context means that the client will receive an assurance that the computation performed by the server is correct, with the optional property that the client will be able to hide some of his data from the server. The problem of securely outsourcing computation has received widespread attention due to the rise of cloud computing a paradigm where businesses lease computing resources from a service rather than maintain their own infrastructure. A crucial component of secure cloud computing is a mechanism that enforces the integrity and correctness of the computations done by the provider. Of course, the computation invested by the (weak) client in order to verify the result of the server's computation must be substantially smaller than the amount of computation required to perform the work to begin with.
Stuart Haber, HP Labs, Princeton
We present a new signature algorithm that allows for controlled
changes to the signed data. The change operations we study are
removal of subdocuments (redaction), pseudonymization, and gradual
deidentification of hierarchically structured data. These operations
are applicable in a number of practically relevant application
scenarios, including the release of previously classified government
documents, privacy-aware management of audit-log data, and the
release of tables of health records. When applied directly to
redaction, our algorithm improves on previous work by reducing
significantly the overhead of cryptographic information that has to
be stored with the original data. (This is joint work with Yasuo
Hatano, Yoshinori Honda, Bill Horne, Kunihiko Miyazaki, Tomas
Sander, Satoru Tezuka and Danfeng Yao.)
Sven Dietrich, Stevens Institute of Technology
We present some experiments with a commercial toy drone to perform attacks
to penetrate wireless networks. SkyNET is a stealth network that connects
hosts to a botmaster through a mobile drone. The network is comprised of
machines on home Wi-Fi networks in a proximal urban area, and one or more
autonomous attack drones. The SkyNET is used by a botmaster to command
their botnet(s) without using the Internet, and creates a gap between the
botmaster and its bots. Reverse engineering the botnet, or enumerating the
bots, does not reveal the identity of the botmaster. In this talk we
present a working example, SkyNET complete with a prototype attack drone,
discuss the impact of using such a command and control method, and provide
insight on how to protect against such attacks.
Jaideep Vaidya, Rutgers University
Access control facilitates controlled sharing and protection
of resources in an enterprise. When correctly implemented and
administered, it is effective in providing security. However, in many
cases, there is a belief on the part of the consumers that security
requirements can be met by simply acquiring and installing a product.
Unfortunately, since the security requirements of each organization are
different, there is no single tool (or even any meaningful set of tools)
that can be readily employed. Most organizations today perform
permission assignment to its entities on a more or less ad-hoc basis,
with poor documentation. Such lack of system administrators' awareness
of comprehensive view of total permissions of an entity on all systems
results in an ever growing set of permissions leading to
misconfigurations such as under privileges, violation of the least
privilege requirement (i.e., over authorization), and expensive security
administration. In this talk, we examine the problem of automated
security configuration and administration, especially from the access
control perspective. This is a challenging area of research where many
of the underlying problems are NP-hard and it is necessary to find
solutions that work with reasonable performance without trading-off
accuracy. We discuss some of the existing work that addresses this and
lay out future problems and challenges.
Don Porter, Stony Brook University
This will introduce the new CloudTracker project at Stony Brook.
The talk will survey background material in the domains of provenance
tracking and policy enforcement,
and then discuss ongoing research efforts to build cloud-scale versions
of these primitives.
Ari Feldman, Princeton University
Cloud-based services are an attractive deployment model for user-facing
applications like word processing and calendaring. Unlike desktop
applications, cloud services allow multiple users to edit shared state
concurrently and in real-time, while being scalable, highly available,
and globally accessible. Unfortunately, these benefits come at the cost
of fully trusting cloud providers with potentially sensitive and
important data.
Jakub Szefer, Princeton University
Hypervisor-Free Virtualization with NoHype
Abstract:
Cloud computing is a disruptive trend that is changing the way we use
computers and virtualization software, namely hypervisor, is its key
component. Unfortunately, hypervisors are large, complex, and have a
considerable attack surface. Moreover, because multiple virtual
machines run on the same server and since the hypervisor plays a
considerable role in the operation of a virtual machine, a malicious
party has the incentive to attack the hypervisor. A successful attack
would give the malicious party control over the all-powerful
virtualization software, potentially compromising the confidentiality
and integrity of the software and data of any virtual machine on that
system.
|
|