Security Seminar

We host a weekly security seminar with research talks by invited speakers, faculty, and graduate students. Please sign up for our security talks mailing list to receive talk announcements.

All seminars are held in the CSB Conference Room unless another location is listed.




Spring 2011

    Reflections on the Engineering and Operation of a Large-Scale Embedded Device Vulnerability Scanner

    Ang Cui, Columbia University PhD Student

    We present important lessons learned from the engineering and operation of a large-scale embedded device vulnerability scanner infrastructure. Developed and refined over the period of one year, our vulnerability scanner monitored large portions of the internet and was able to identify over 1.1 million publicly accessible trivially vulnerable embedded devices. The data collected has helped us move beyond vague, anecdotal suspicions of embedded insecurity towards a realistic quantitative understanding of the current threat. In this paper, we describe our experimental methodology and reflect on key technical, organizational and social challenges encountered during our research. We also discuss several key technical design missteps and operational failures and their solutions.

    A Principled Approach to Efficient Software-based Dynamic Data Flow Tracking

    Kangkook Jee, Columbia University PhD Student

    Despite the demonstrated usefulness of dynamic data flow tracking (DDFT) techniques in a variety of applications, the poor performance achieved by available prototypes prevents their widespread adoption and use in production systems. We present and evaluate a novel methodology for improving the performance overhead of explicit DDFT by combining static and dynamic analysis. Our intuition is to separate the program logic from the corresponding tracking logic, extracting the semantics of the latter and abstracting them using a Taint Flow Algebra. We then apply compiler optimization techniques to eliminate redundant tracking logic and minimize interference with the target program. Our optimizations do not require additional resources to improve performance, neither do they restrict or remove functionality. Most importantly, our approach is orthogonal to optimizations devised in the past, and can deliver additive performance benefits. Furthermore, it can be applied both on techniques that require source code as well as on those that operate on binary-only software. We evaluate the correctness and impact of our optimizations by augmenting a freely available high-performance DDFT framework, and applying it to multiple applications, including command line utilities, a database server, and scripting language runtimes for PHP and JavaScript. We demonstrate a speedup of DDFT by as much as 1.96x, with an average of 1.31x across all tested applications.

    Smashing the Gadgets: Detection and Prevention of Code-Reuse Attacks

    Michalis Polychronakis, Columbia University Postdoctoral Researcher

    Attack prevention technologies such as non-executable pages (W^X) and Data Execution Prevention (DEP), which prevent the execution of malicious code that has been injected into a running process, are now enabled in most operating systems. The wide adoption of these protection mechanisms has given rise to a new type of attack, known as code-reuse attacks, which achieve arbitrary code execution without the injection of any attacker-supplied code. In this scheme, the attacker chains together small fragments of code, known as gadgets, that already exist in the executable address space of the vulnerable process, and triggers their execution by exploiting a typical memory corruption vulnerability. In the first part of this talk, we will look in detail at the mechanics of code reuse attacks, focusing on real exploits against Windows. In the second part, we will present some work in progress on techniques for the detection and prevention of code-reuse attacks using dynamic code analysis and static binary rewriting.

    Leakage Resilient Cryptography: a Practical Overview

    Francois-Xavier Standaert, Associate Researcher of the Belgian Fund for Scientific Research (F.R.S.-FNRS) and Professor at the UCL Institute of Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM)

    Side-channel leakage is an important threat for cryptographic implementations. By making it possible to circumvent the models in which standard security proofs are obtained, it can lead to powerful attacks (e.g., key recovery) against a large class of devices. One solution to prevent such attacks is to reduce the leakage directly at the implementation (hardware or software) level. A complementary approach is to work at the higher abstraction level of modern cryptography, trying to extend the guarantees of provable security, from mathematical objects towards physically leaking ones. But for such strong results to be practically meaningful, it is important that they adequately formalize actual engineering constraints.

    In this talk, I will survey a couple of recent results in leakage-resilient cryptography. Starting from different case studies, I will first discuss the tradeoff between provable security and engineering practice, trying to give a contrasted view of the field. On the one hand, formal guarantees of security are a desirable goal in general. In this respect, side-channel attacks have been a germ for new proof techniques, that are sometimes of independent interest, and sometimes triggered interesting design ideas. On the other hand, none of the present formal solutions in leakage resilience is fully relevant to practice, mainly because of shortcomings in the assumptions. Building on this observation, I will then try to suggest hints for better bridging the gap between the theory and practice of side-channel attacks.

    Security Research with Human Subjects: Informed Consent, Risk, and Benefits

    Maritza Johnson, Columbia University PhD Student

    Computer security research is facing a growing trend of researchers collecting data directly from users or their personal devices. Many researchers are required by law to obtain the approval of an ethics committee for research with human subjects. This process is designed to ensure the ethical treatment of subjects and focuses on key concepts such as informed consent, minimized risk, and generally maximizing benefits to the research subjects. Computer security researchers who conduct human subjects research should be concerned with these aspects of their methodology regardless of whether they are required to by law; it is our ethical responsibility as professionals in this field. Previous discourse on the ethics of computer security research fails to satisfactorily address how the nature of security research may complicate the process of determining how to treat human subjects ethically. We suggest that our community take an active role in crafting best practices for how to treat human subjects ethically.

    Detecting Wikipedia Vandalism via Spatio-Temporal Analysis of Revision Metadata

    Andrew G. West, Doctoral Student, University of Pennsylvania

    Blatantly unproductive edits undermine the quality of the collaboratively-edited encyclopedia, Wikipedia. Language-processing has been applied to combat these malicious edits, but as with email spam, these filters are evadable and computationally complex.

    In this talk, I will show how spatio-temporal properties of revision metadata can be used to detect vandalism on Wikipedia. Using reputation algorithms and machine learning, we identify features which require no inspection of the article or 'diff' text. The resulting classifier performs comparably to NLP at far greater efficiency. Further, this logic has been built into a software tool (that will be demonstrated), which is responsible for over 35,000 reversions to Wikipedia.

    Finally, the talk will report on recent/unpublished work on interesting subsets of vandalism: link spam and legally-threatening revisions.

    Scammed: The Fragility of Trust at a Distance

    Hugh Thompson

    Limited time offer! Urgent notice. Cheap Viagra. Users are constantly under the assault of scammers. Many online scams and social engineering attacks use old battle-tested techniques to entice their victims in a new format. Specifically, this talk looks at the use of "convincers," allegedly unbiased 3rd parties that push users (even smart ones) over the edge of trust. Convincers have been used successfully by scammers and magicians for hundreds of years and are taking new forms online. The talk includes videos of real-life in-person scams as well as the results of a set of online experiments that examine the fragility (and erosion) of trust at a distance.

    Howard: A Dynamic Excavator for Reverse Engineering Data Structures

    Asia Slowinska, Vrije Universiteit Amsterdam PhD student

    Howard is a new solution to extract data structures from C binaries without any need for symbol tables. Our results are significantly more accurate than those of previous methods and allow one to generate partial symbol tables without access to source code. Also, we show that we can protect existing binaries from memory corruption attacks--again without source code. Howard uses dynamic analysis and detects data structures by tracking how a program uses memory.

    Cybersecurity Challenges

    Steven Bellovin, Columbia University Professor

    From more or less any perspective, we have failed in our attempts to build secure systems. We argue that given one uncontroversial assumption -- that bug-free code is impossible, if only because we cannot construct bug-free specifications -- this is unlikely to change. Doing the same thing over and over again and expecting a different result is one classic definition of insanity, but that's what security people have been doing. Instead, we outline a fundamentally different approach to security, called resilient system design.

    Rethinking Passwords

    William Cheswick, Lead Member of Technical Staff, AT&T Labs - Research

    Passwords and PINs are used everywhere these days, but their use is often painful. Traditional password advice and rules are seldom appropriate for today's threats, yet we labor with the password rules and servers of yesteryear. Strong passwords are weakening our security, and it is time to fix that.

    There are numerous proposals for new password solutions. I will present a few half-baked ideas. But there are good solutions available now.

    We are facing much more worrisome security challenges: we ought to get this easy stuff right.