Daoli: Grid security via Trusted Computing protected virtualization

Speaker: Wenbo Mai, EMC Research

Abstract:
A grid builds a virtual organization (VO) of unbounded computational and storage capacity by pooling heterogeneous resources from real organizations. A grid user is typically a resource scarce entity while having a large quantity of jobs to be processed. With the user in need of resources from resourceful organizations, we shall name a user a resource lessee and the latter entities resource lessors. Currently grids in such a lessee-lessor-VO structure are not in commercial adoption yet. Ideally, commercial enterprises, like resource-abundant-and-under-utilized financial institutions, should go for the grid, i.e., become lessors. Inadequate grid security currently prevents commercial organizations from being lessors. A missing security service is behavior conformity: VO code must not damage the lessor, and conversely, the lessor must not compromise the VO proprietary information.

Project Daoli attempts to strengthen grid security by adding behavior conformity to grid computing. We will apply Trusted Computing Group's (TCG) technology as our means to behavior conformity and we do so by working on virtualization in two layers in the software stack. In the OS layer, a highly-privileged hypervisor for memory arbitration will be measured by a Trusted Platform Module (TPM) to achieve isolation between processes. Above OSes a grid middleware will achieve virtualization of hardware platforms and commodity OSes so that a unique VO code for policy enforcement can run on the middleware across a heterogeneous environment. The VO code and/or data which need confidentiality and/or integrity protection are secured by cryptographic credentials. By calling the standard credential migration function of TCG, VO credentials can be migrated from one TPM to another along the leased platforms.

Time: 11 December 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Tradeoffs in Retrofitting Security: An Experience Report

Speaker: Mark S. Miller, Google

Abstract:
In 1973, John Reynold's and James Morris' Gedanken Language retrofit object-capability security into an Algol-like base language. Today, there are active projects retrofitting Java, Javascript, Python, Mozart/Oz, OCaml, Perl, and Pict. These represent a variety of approaches, with different tradeoffs regarding legacy compatibility, safety, and expressivity. In this talk I propose a taxonomy of these approaches, and discuss some of the lessons learned to date.

Time: 4 December 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Distributed Knowledge Authorization Language

Speaker: Yuri Gurevich, Microsoft Research

Abstract:
DKAL is a new expressive declarative authorization language for distributed systems. It is designed with user-centric access control in mind, and it features targeted communication and nested quotations. Knowledge plays a key role in DKAL. In principle, every principal computes "his" own knowledge. A resource manager permits the use of the resource if he concludes, on the basis of information available to him, that the permission should be granted. DKAL rests on the firm foundation of existential fixed-point logic. It has not been implemented yet.

Time: 27 November 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Attacks On the Netscape Browser plus Security Response Philosophy and Methods

Speaker: Jim Roskind, Roskind Consulting

Abstract:
The Netscape Communicator client was deployed on millions of desktops. It was also subject to attacks that attempted to gain unauthorized access to data on the client's computers, if not complete control of the computer. This talk discusses a broad range of examples of attacks that have been proposed against the Communicator application along with ways that the application evolved to block them.

Although the talk discusses numerous actual attacks across the history of Netscape, it also works to abstract elements of attacks, and show how they assemble to form exploits. The start of the talk, first presented in RSA2001, discusses 6 noteworthy historical attacks. The attacks include DNS False Advertising (not, DNS compromise!), Java class verifier vulnerability to a multi-thread attack, JavaScript Language feature creating a cache handling vulnerability, Java symbol table overrun, FILE: URL facilitating invasion of privacy, and insufficient HTML escaping browser side (not server side!).

As a bonus (not presented in RSA2001), a more generic discussion of issues surrounding security responses to identified security bugs is presented. The resolution to some of the above problems reveals that security patching is significantly different from software bug repair, and that fact needs to be used by response teams. The discussion ranges from problems caused by a lengthily QA cycle (and avoiding thrashing when bug inter-arrival/discovery time is smaller than a QA cycle), to why a bugs bounty is helpful (but why a bounty that is too large is actually problematic). Also presented is a proposed method to prevent reverse engineering of security patches (by distributing encrypted(??) patches). The method can also automate identification of *which* if any existing patch is critical during an attack, and it can accelerate and even automate patch deployment of the critical patch(es).

Time: 13 November 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Some Results From the California Top To Bottom Review

Speaker: Eric Rescorla

Abstract:
In Spring of 2007, the California Secretary of State convened a team of security researchers to review the electronic voting systems certified for use in California. We were provided with the source code for the systems as well as with access to the hardware. Serious and exploitable vulnerabilities were found in all the systems analyzed: Diebold, Hart, and Sequoia. We'll be discussing the effort as a whole, providing an overview of the issues that all the teams found, and then discussing in detail the system we studied, Hart InterCivic.

Joint work with Srinivas Inguva, Hovav Shacham, and Dan Wallach

Time: 6 November 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

The Drives Project: From Disk Forensics to Media Exploitation

Speaker: Simson Garfinkel

Abstract:
A hard drive is a window into the past and a door into the mind. Using forensic techniques the data on a hard drive can reveal who broke into a computer system, what was done, and the perpetrators. Hard drives have proved so useful that they are now routinely seized or imaged in DoD, intelligence, law enforcement, and even civil actions.

But analyzing the information a hard drive today takes the time of a skilled analyst; today's tools lack significant automation and intelligence, and frequently crash. As a result there is a large backlog of hard drives waiting to be analyzed; important information is easily missed or not analyzed for months after it is acquired.

This talk discusses the work to date of the Drives Project, a 9-year (and counting) effort that is creating a large-scale collection of real disk drive images, open source tools, and new techniques for automatically processing data recovered from disk drives and other kinds of storage devices. Today the Drives Project has assembled a corpus of more than 1000 forensically interesting images from hard drives and USB storage devices that were collected all over the world. We have created open source formats, tools and algorithms for automatically analyzing this data in bulk and rapidly producing answers to questions that are relevant to the Defense, Intelligence and Law Enforcement communities. The Project is now in the process of dramatically expanding the global reach of data being acquired and exploring new research opportunities for using this data.

Time: 2 November 2007 (Friday) at 1630 hrs
Location: Gates 4B (opposite 490)

The Ghost in the Browser

Speaker: Niels Provos, Google

Abstract:
As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user's applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread, this talk identifies the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets. For each of these areas, the talk presents examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.

Time: 25 September 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Statistically Hiding Commitment from Any One-Way Function

Speaker: Iftach Haitner

Abstract:
A commitment scheme defines a two-stage interactive protocol between a sender and a receiver; informally, after the commit stage, the sender is bound to (at most) one value, which is not yet revealed to the receiver, and in the reveal stage the receiver finally learns this value. In a statistically-hiding computationally-binding commitment scheme (for short, statistical commitment) even an all-powerful receiver does not learn the value to which the sender commits before the reveal stage, while a polynomial-bounded sender is bound to at most one value after the commit stage.

Statistical commitment is a fundamental primitive in cryptography, it can be used as a building block in constructions of statistical zero-knowledge arguments and certain coin-tossing protocols. In particular, it implies, via standard reduction, a way to transform protocols that are secure assuming an all powerful honest-but-curious party, into one that is secure even when this party maliciously deviates from the protocol.

We give the first construction of statistically-hiding commitment schemes based on the minimal cryptographic assumption that one-way functions exist (previous constructions assume some structure on the functions, e.g. regularity). Our construction employs two-phase commitment schemes, recently constructed by Nguyen, Ong and Vadhan (FOCS '06), and universal one-way hash functions introduced and constructed by Naor and Yung (STOC '89) and Rompel (STOC '90).

Joint work with Omer Reingold

Time: 10 September 2007 (Monday) at 1630 hrs
Location: Gates 4B (opposite 490)

Compact Ecash and Applications

Speaker: Anna Lysyanskaya, Brown

Abstract:
The main idea of electronic cash (ecash) is that, even though the same party (a Bank) is responsible for giving out electronic coins, and for later accepting them for deposit, the withdrawal and the spending protocols are designed in such a way that it is impossible to identify when a particular coin was spent. I.e., the withdrawal protocol does not reveal any information to the Bank that would later enable it to trace how a coin was spent. Since a coin is represented by data, and it is easy to duplicate data, an electronic cash scheme requires a mechanism that prevents a user from spending the same coin twice (double-spending), for example by identifying double-spenders and tracing all transactions that they have carried out. Therefore, ecash is an example of balancing anonymity with accountability: a user remains anonymous until she violates a particular condition (spends a coin more than once).

In this talk, I will give several examples of balancing anonymity with accountability along these lines. First, I will first present a scheme that allows a user to withdraw a wallet, such that the user can spend N coins anonymously, but will get identified should she spend N+1 times. (The complexity of each operation here only has a logarithmic dependence on N.) Then I will show that this can be extended to, for example, allow a user to spend at most M coins anonymously with a particular merchant, or, as another example, spend at most L coins anonymously in one day.

Based on joint papers with Jan Camenisch, Susan Hohenberger, Markulf Kohlweiss, and Mira Meyerovich.

Time: 24 August 2007 (Friday) at 1630 hrs
Location: Gates 4B (opposite 490)

Securing Vote Storage Mechanisms: Deterministic History-Independent Strategies for Storing Information on Write-Once Memories

Speaker: Gil Segev, Weizmann Institute of Science

Abstract:
Motivated by the challenging task of designing "secure" vote storage mechanisms, we deal with information storage mechanisms that operate in extremely hostile environments. In such environments, the majority of existing techniques for information storage and for security are susceptible to powerful adversarial attacks. In this setting, we propose a mechanism for storing a set of at most $K$ elements from a large universe of size $N$ on write-once memories in a manner that does not reveal the insertion order of the elements. We consider a standard model for write-once memories, in which the memory is initialized to the all $0$'s state, and the only operation allowed is flipping bits from $0$ to $1$. Whereas previously known constructions were either inefficient (required $\Theta(K^2)$ memory), randomized, or employed cryptographic techniques which are unlikely to be available in hostile environments, we eliminate each of these undesirable properties. The total amount of memory used by the mechanism is linear in the number of stored elements and poly-logarithmic in the size of the universe of elements.

In addition, we consider one of the classical distributed computing problems: conflict resolution in multiple-access channels. By establishing a tight connection with the basic building block of our mechanism, we construct the first deterministic and non-adaptive conflict resolution algorithm whose running time is optimal up to poly-logarithmic factors.

Joint work with Tal Moran and Moni Naor.

Time: 31 July 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)