CyLab

Despite soaring investments in IT infrastructure, the state of operational network security continues to be abysmal. We argue that this is because existing enterprise security approaches fundamentally lack precision in one or more dimensions: (1) isolation to ensure that the enforcement mechanism does not induce interference across different principals; (2) context to customize policies for different devices; and (3) agility to rapidly change the security posture in response to events. To address these shortcomings, we present PSI, a new enterprise network security architecture that addresses these pain points. PSI enables fine-grained and dynamic security postures for different network devices. These are implemented in isolated enclaves and thus provides precise instrumentation on these above dimensions by construction. To this end, PSI leverages recent advances in software-defined networking (SDN) and network functions virtualization (NFV). We design expressive policy abstractions and scalable orchestration mechanisms to implement the security postures. We implement PSI using an industry-grade SDN controller (OpenDaylight) and integrate several commonly used enforcement tools (e.g., Snort, Bro, Squid). We show that PSI is scalable and is an enabler for new detection and prevention capabilities that would be difficult to realize with existing solutions.

This is a practice talk for Tianlong’s talk at NDSS 2016.

Tianlong Yu is a third year PhD student in CyLab, advised by Prof. Vyas Sekar and Prof. Srini Seshan. His research focuses on extending Software Defined Networking (SDN) and Network Function Virtualization (NFV) to provide customized, dynamic and isolated policy enforcement for critical assets in network. More broadly, his research covers enterprise network security and Internet-of-Things network security.

In today’s data-centric economy issues of privacy are becoming increasingly complex to manage. This is true for users who are often feeling helpless when it comes to understanding and managing the many different ways in which their data can be collected and used. But it is also true for developers, service providers, app store operators and regulators.  A significant source of frustration has been the lack of progress in formalizing the disclosure of data collection and use practices. These disclosures today continue to primarily take the form of long privacy policies, which very few people actually read.

What if computers could actually understand the text of privacy policies? In this talk, I will report on our progress developing techniques to do just that and will discuss the development and piloting of tools that build on these technologies. This includes an overview of a compliance tool for mobile apps. The tool automatically analyzes the code of apps and compares its findings with disclosures made in the text of privacy policies to identify potential compliance violations. I will report on a study of about 18,000 Android apps. Results of the study suggest that compliance issues are widespread.

In the second part of this talk, I will discuss how using machine learning we can also build models of people’s privacy preferences and help them manage their privacy settings. This will include an overview of our work on Personalized Privacy Assistants. These assistants are intended to selectively notify their users about data collection and use practices they may find egregious and are also capable of helping their users configure available privacy settings. We will review results of a pilot involving one such assistant developed to help users manage their mobile app permissions. I will conclude with a discussion of ongoing work to extend this functionality in the context of Internet of Things scenarios.

Norman M. Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU) and a faculty at CyLab. He is director of CMU’s Mobile Commerce Laboratory and co-Director of the MSIT Program in Privacy Engineering. He also co-founded the School of Computer Science ’s PhD Program in Societal Computing (formerly  Computation, Organizations and Society). His primary research interests are in the area of mobile  computing, the Internet of Things, cybersecurity, online privacy, user-oriented machine learning, human computer interaction and artificial intelligence. His research has been credited with influencing the design and development of a number of commercial products well as activities at the US Federal Trade Commission the California Office of the Attorney General.

Between 2008 and 2011, Norman served as founding CEO of Wombat Security Technologies, a leading provider of SaaS cybersecurity training products and anti-phishing solutions originally developed as part of research with several of his colleagues at CMU. As chairman of the board and chief scientist, Norman remains actively involved in the company, working closely with the management team on both business and technology strategies. Among other activities, Norman currently leads two of the largest domestic research projects in privacy, an NSF SaTC Frontier project on Usable Privacy Policies and a project on Personalized Privacy Assistants funded by the DARPA Brandeis initiative, the National Science Foundation and Google’s IoT Expedition.

In the late nineties, Norman was program manager with the European Commission’s ESPRIT research program, prior to serving for two years as Chief Scientist of its US $600M (EUR 550M) initiative in New Methods of Work and eCommerce within the Information Society Technologies (IST) program. As such, he was responsible for shaping European research priorities in collaboration with industry and universities across Europe. These activities eventually resulted in the launch of over 200 R&D projects involving over 1,000 European organizations from industry and research. While at the Commission, Norman also contributed to a number of EU policy initiatives related to eCommerce, the Internet, cybersecurity, privacy and entrepreneurship.

To comply with 1990s-era US export restrictions on cryptography, early versions of SSL/TLS supported reduced-strength ciphersuites that were restricted to 40-bit symmetric keys and 512-bit RSA and Diffie-Hellman public values.  Although the relevant export restrictions have not been in effect since 2000, modern implementations often maintain support for these cipher suites along with old protocol versions.

In this talk, I will discuss recent attacks against TLS (FREAK, Logjam, and DROWN) demonstrating how server-side support for these insecure ciphersuites harms the security of users with modern TLS clients.  These attacks exploit a combination of clever cryptanalysis, advances in computing power since the 1990s, previously undiscovered protocol flaws, and implementation vulnerabilities.

Nadia Heninger is an assistant professor in the Computer and Information Science department at the University of Pennsylvania. Her research focuses on security, applied cryptography, and algorithms. Previously, she was an NSF Mathematical Sciences Postdoctoral Fellow at UC San Diego and a visiting researcher at Microsoft Research New England. She received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley.

Using the Internet is a risky venture: cybercriminals could be lurking behind any email or in any web page, just waiting to compromise your machine.  Practicing and researching cybersecurity is about minimizing that risk.

Unfortunately, modern cybercriminals don't compromise  machines just because they can - they do it to make money or steal data. Likewise, the risks that end users care about aren't measured in vulnerabilities discovered or hosts compromised, they care about losing hard earned money, embarrassing pictures, or simply a night of their free time because they had to remove malware from the family computer. Cybersecurity research should minimize the chance of successful  attacks by maximizing the number of vulnerabilities patched or infiltrations thwarted. However, these technical goals are fundamentally intermediate goals: the ultimate goal of cybersecurity is to minimize the amount of harm that comes to users, which is a quantity denominated in dollars lost, days spent recovering from attacks, or data lost to attackers. By quantifying the harm of these attacks in these meaningful quantities,  we can focus defenses and mitigations on the attacks that cause the most harm to the Internet's users.

This talk will highlight recent results that improve our understanding the true cost of cybersecurity events and the benefits of its enablers.  I'll also show how these results can lead to actionable insights into which attacks we should be spending our finite effort combating. I'll cover losses due to affiliate fraud, measured in profits lost, both by the platforms and legitimate marketers. I'll also cover losses incurred due to typosquatting: while typosquatting is perpetrated by thousands upon thousands of domains, the harm caused is not clear. Furthermore, I'll explain some of our results looking at how features in modern browsers benefit end users.  Finally, I'll showcase a tool which quantifies the value of a user's private data (their account logins), which can motivate better security behavior through a personalized warning regarding how much their account might be worth to cybercriminals.

We are clearly moving toward an Internet where encryption is ubiquitous—by some estimates, more than half of all Web traffic is HTTPS, and the number is growing. This is a win in terms of privacy and security, but it comes at the cost of functionality and performance, since encryption blinds middleboxes (devices like intrusion detection systems or web caches that process traffic in the network). In this talk I will describe two recent and ongoing projects exploring techniques for including middleboxes in secure sessions in a controlled manner. The first is a protocol, developed in collaboration with Telefónica Research and called Multi-Context TLS (mcTLS), that adds access control to TLS so that middleboxes can be added to a TLS session with restricted permissions. The second, which is ongoing work with Microsoft Research, explores bringing trusted computing technologies like Intel SGX to network middleboxes.

David Naylor is a sixth year Ph.D. student at Carnegie Mellon University, where he's advised by Peter Steenkiste. His primary research interests are computer networking, security, and privacy, but he’s also interested in Web measurement and performance . David is currently on the academic job market.

Algorithms in nature are simple and elegant yet ultimately sophisticated. All behaviors are connected to the basic instincts we take for granted. The biomorphic approach attempts to connect artificial intelligence to primitive intelligence. It explores the idea that a genuinely intelligent computers will be able to interact naturally with humans. To form the bridge, computers need the ability to recognize, understand, and even have instincts similar to living creatures. In this talk, I will introduce the theoretical models in my new book "Instinctive Computing" and a few real-world applications, including visual analytics of dynamic patterns of malware spreading, SQL and DDOS attacks, IoT data analysis in a smart building, speaker verification on mobile phones, privacy algorithms for the microwave imaging in airports and the privacy-aware smart windows for the autonomous light-rail transit vehicles in downtown Singapore.

Dr. Yang Cai is Senior Systems Scientist of CyLab, Director of Visual Intelligence Studio, and Associate Professor of Biomedical Engineering, Carnegie Mellon University, Pittsburgh. His research interests include steganography, machine intelligence, video analytics, interactive visualization of Big Data, biomorphic algorithms, medical imaging systems, and visual privacy algorithms. He has published 6 books including a new monograph "Instinctive Computing" (Springer, 2016) and a textbook "Ambient Diagnostics" (CRC, 2014). He also taught courses "Image, Video and Multimedia" (ECE18-798), "Cognitive Video" (ECE18-799K), “Clinical Practicum” (BME 42-790), "Human Algorithms (Fine Art 06-427), “Innovation Process” (HCI 05-899C), and the University-Wide Course "Creativity" (99-428). He was a Research Fellow in Studio for Creative Inquiry at School of Art and exhibited his artwork in Italy and U.S. He has been a volunteer scientist of 3D imaging at the archeology field school in Alps for ten years

Jam resistance for omnidirectional wireless networks is an important problem. Existing jam-resistant systems use a secret spreading sequence or secret hop sequence, or some other information that must be kept secret from the jammer. BBC coding is revolutionary in that it achieves jam resistance without any shared secret. BBC requires the use of a hash function that is fast and secure, but “secure” in a different sense than for standard cryptographic hashes. We present a potential hash function: Glowworm. For incremental hashes as used in BBC codes, it can hash a string of arbitrary length in 11 clock cycles. That is not 11 cycles per bit or 11 cycles per byte. That is 11 cycles to hash the entire string, given that the current string being hashed differs from the last in only an addition or deletion of its last bit. An exhaustive security proof has been done for 32 bit Glowworm.

Martin Carlisle is a teaching professor in the Carnegie Mellon University Information Networking Institute and a security researcher in CMU’s CyLab. Previously, he was a computer science professor at the United State Air Force Academy, Director of the Academy Center for Cyberspace Research, and founder and coach of the Air Force Academy Cyber Competition Team. Prof. Carlisle earned a PhD in Computer Science from Princeton University. His research interests include computer security, programming languages and computer science education.

He is the primary author of RAPTOR, an introductory programming environment used in universities and schools around the world.  He founded and coached the Air Force Academy Cyber Competition Team, which advanced four years to the National Collegiate Cyber Defense Competition.  He is an ACM Distinguished Educator, a Colorado Professor of the Year, and a recipient of the Arthur S. Flemming Award for Exceptional Federal Service.

Authors of malicious software, or malware, have a plethora of options when deciding how to protect their code from network defenders and malware analysts. For many static analyses, malware authors do not even need sophisticated obfuscation techniques to bypass detection, simply compiling with different flags or with a different compiler will suffice. We propose a new static analysis called CARDINAL that is tolerant of the differences in binaries introduced by compiling the same source code with different flags or with different compilers. We accomplished this goal by finding an invariant between these differences. The effective invariant we found is the number of arguments to a call, or callsite parameter cardinality (CPC). Per function, we concatenate all CPC's together and add the result into a Bloom filter. Signatures constructed in this manner can be quickly compared to each other using a Jaccard index to obtain a similarity score. We empirically tested our algorithm on a large corpus of transformed malware and found that using a threshold value of 0.15 for determining a positive or negative match yielded results with a 11% false negative rate and a 11% false positive rate. Overall, we both demonstrate that CPC's are a telling feature that can increase the efficacy of static malware analyses and point the way forward in static analyses.

Martin Carlisle is a teaching professor in the Carnegie Mellon University Information Networking Institute and a security researcher in CMU’s CyLab. Previously, he was a computer science professor at the United State Air Force Academy, Director of the Academy Center for Cyberspace Research, and founder and coach of the Air Force Academy Cyber Competition Team. Prof. Carlisle earned a PhD in Computer Science from Princeton University. His research interests include computer security, programming languages and computer science education.

He is the primary author of RAPTOR, an introductory programming environment used in universities and schools around the world.  He founded and coached the Air Force Academy Cyber Competition Team, which advanced four years to the National Collegiate Cyber Defense Competition.  He is an ACM Distinguished Educator, a Colorado Professor of the Year, and a recipient of the Arthur S. Flemming Award for Exceptional Federal Service.

The Ironclad project at Microsoft Research is using a set of new and modified tools based on automated theorem proving to build Ironclad services.  An Ironclad service guarantees to remote parties that every CPU instruction the service executes adheres to a high-level specification, convincing clients that the service will be worthy of their trust.  To provide such end-to-end guarantees, we built a full stack of verified software.  That software includes a verified kernel; verified drivers; verified system and cryptography libraries including SHA, HMAC, and RSA; and four Ironclad Apps.  As a concrete example, our Ironclad database provably provides differential privacy to its data contributors.  In other words, if a client encrypts her personal data with the database's public key, then it can only be decrypted by software that guarantees, down to the assembly level, that it preserves differential privacy when releasing aggregate statistics about the data. 

We then expanded the scope of our verification efforts to distributed systems, which are notorious for harboring subtle bugs.  We have developed IronFleet, a methodology for building practical and provably correct distributed systems.  We demonstrated the methodology on a complex implementation of a Paxos-based replicated state machine library and a lease-based sharded key-value store.  We proved that each obeys a concise safety specification, as well as desirable liveness requirements.  Each implementation achieves performance competitive with a reference system. 

In this talk, we describe our methodology, formal results, and lessons we learned from building large stacks of verified systems software.  In pushing automated verification tools to new scales (over 70K lines of code and proof so far), our team has both benefited from automated verification techniques and uncovered new challenges in using them.

By continuing to push verification tools to larger and more complex systems, Ironclad ultimately aims to raise the standard for security- and reliability-critical systems from "tested" to "correct".

Bryan Parno is a Researcher in the Security and Privacy Group at Microsoft Research.  After receiving a Bachelor's degree from Harvard College, he completed his PhD at Carnegie Mellon University, where his dissertation won the 2010 ACM Doctoral Dissertation Award.  In 2011, he was selected for Forbes' 30-Under-30 Science List. 

He formalized and worked to optimize verifiable computation, receiving a Best Paper Award at the IEEE Symposium on Security and Privacy his advances.  He coauthored a book on Bootstrapping Trust in Modern Computers, and his work in that area has been incorporated into the latest security enhancements in Intel CPUs. His research into security for new application models was incorporated into Windows and received a Best Paper Awards at the IEEE Symposium on Security and Privacy and the USENIX Symposium on Networked Systems Design and Implementation.  He has recently extended his interest in bootstrapping trust to the problem of building practical, formally verified secure systems. His other research interests include user authentication, secure network protocols, and security in constrained environments (e.g., RFID tags, sensor networks, or vehicles).

This session introduces essential ingredients for any cyber security program called the Three T’s of Cyber Security: Talent, Tools and Techniques. Jim Routh, the CSO for Aetna and board member of both the NH-ISAC and FS-ISAC will share his perspective on which of the three T’s is the most significant. He will share specific processes and methods in place today for Aetna demonstrating the importance of “un-conventional” controls to change the rules for threat adversaries providing specific examples of innovative use of early stage technology solutions.

Jim Routh is the Chief Security Officer and leads the Global Information Security function for Aetna. He is the Chairman of the National Health ISAC and a Board member of the FS-ISAC. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express and has over 30 years of experience in information technology and information security as a practitioner. He was the Information Security Executive of the Year winner for the Northeast in 2009 and the Information Security Executive of the Year in 2014 in North America for Healthcare.

Pages

Subscribe to CyLab