Distributed Knowledge Authorization Language

Speaker: Yuri Gurevich, Microsoft Research

Abstract:
DKAL is a new expressive declarative authorization language for distributed systems. It is designed with user-centric access control in mind, and it features targeted communication and nested quotations. Knowledge plays a key role in DKAL. In principle, every principal computes "his" own knowledge. A resource manager permits the use of the resource if he concludes, on the basis of information available to him, that the permission should be granted. DKAL rests on the firm foundation of existential fixed-point logic. It has not been implemented yet.

Time: 27 November 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Attacks On the Netscape Browser plus Security Response Philosophy and Methods

Speaker: Jim Roskind, Roskind Consulting

Abstract:
The Netscape Communicator client was deployed on millions of desktops. It was also subject to attacks that attempted to gain unauthorized access to data on the client's computers, if not complete control of the computer. This talk discusses a broad range of examples of attacks that have been proposed against the Communicator application along with ways that the application evolved to block them.

Although the talk discusses numerous actual attacks across the history of Netscape, it also works to abstract elements of attacks, and show how they assemble to form exploits. The start of the talk, first presented in RSA2001, discusses 6 noteworthy historical attacks. The attacks include DNS False Advertising (not, DNS compromise!), Java class verifier vulnerability to a multi-thread attack, JavaScript Language feature creating a cache handling vulnerability, Java symbol table overrun, FILE: URL facilitating invasion of privacy, and insufficient HTML escaping browser side (not server side!).

As a bonus (not presented in RSA2001), a more generic discussion of issues surrounding security responses to identified security bugs is presented. The resolution to some of the above problems reveals that security patching is significantly different from software bug repair, and that fact needs to be used by response teams. The discussion ranges from problems caused by a lengthily QA cycle (and avoiding thrashing when bug inter-arrival/discovery time is smaller than a QA cycle), to why a bugs bounty is helpful (but why a bounty that is too large is actually problematic). Also presented is a proposed method to prevent reverse engineering of security patches (by distributing encrypted(??) patches). The method can also automate identification of *which* if any existing patch is critical during an attack, and it can accelerate and even automate patch deployment of the critical patch(es).

Time: 13 November 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

Some Results From the California Top To Bottom Review

Speaker: Eric Rescorla

Abstract:
In Spring of 2007, the California Secretary of State convened a team of security researchers to review the electronic voting systems certified for use in California. We were provided with the source code for the systems as well as with access to the hardware. Serious and exploitable vulnerabilities were found in all the systems analyzed: Diebold, Hart, and Sequoia. We'll be discussing the effort as a whole, providing an overview of the issues that all the teams found, and then discussing in detail the system we studied, Hart InterCivic.

Joint work with Srinivas Inguva, Hovav Shacham, and Dan Wallach

Time: 6 November 2007 (Tuesday) at 1630 hrs
Location: Gates 4B (opposite 490)

The Drives Project: From Disk Forensics to Media Exploitation

Speaker: Simson Garfinkel

Abstract:
A hard drive is a window into the past and a door into the mind. Using forensic techniques the data on a hard drive can reveal who broke into a computer system, what was done, and the perpetrators. Hard drives have proved so useful that they are now routinely seized or imaged in DoD, intelligence, law enforcement, and even civil actions.

But analyzing the information a hard drive today takes the time of a skilled analyst; today's tools lack significant automation and intelligence, and frequently crash. As a result there is a large backlog of hard drives waiting to be analyzed; important information is easily missed or not analyzed for months after it is acquired.

This talk discusses the work to date of the Drives Project, a 9-year (and counting) effort that is creating a large-scale collection of real disk drive images, open source tools, and new techniques for automatically processing data recovered from disk drives and other kinds of storage devices. Today the Drives Project has assembled a corpus of more than 1000 forensically interesting images from hard drives and USB storage devices that were collected all over the world. We have created open source formats, tools and algorithms for automatically analyzing this data in bulk and rapidly producing answers to questions that are relevant to the Defense, Intelligence and Law Enforcement communities. The Project is now in the process of dramatically expanding the global reach of data being acquired and exploring new research opportunities for using this data.

Time: 2 November 2007 (Friday) at 1630 hrs
Location: Gates 4B (opposite 490)