01/24/2005
- Presenter: Geetanjali Sampemane
- Title: KNOW why your access was denied: Regulating feedback for usable security
- Abstract:
Ubiquitous computing environments promise exciting new applications, but pose new challenges for security. These environments are heavily context-driven, and user permissions in such systems may change in non-obvious ways due to changes in system context. This can be hard for users to understand, as permissions appear to change in arbitrary ways. Providing more feedback to users than a simple "access denied" would improve system usability, but unrestricted feedback may compromise system security by violating policy confidentiality requirements. In this talk, we present KNOW, a framework for providing useful feedback to users about access control decisions. KNOW provides a tradeoff between user feedback and policy protection, using cost functions to improve the quality of feedback and meta-policies to maintain policy confidentiality.

01/31/2005
- Presenter: Xuxian Jiang
- Title:
Virtual Playgrounds For Worm Behavior Investigation
- Abstract: For a better understanding of worms' dynamic and possibly camouflaged behavior, researchers in Internet worms have long hoped to have a controlled and convenient environment in which to safely unleash and run them. There are, however, major challenges in realizing such worm playgrounds, including the playgrounds' fidelity, confinement and scalability, as well as the worm experiment convenience offered to researchers. In particular, we argue that worm playgrounds that use physical hosts as playground nodes may not effectively address these challenges.
In this paper, we present a virtualization-based approach to create virtual Internet worm playgrounds called vGrounds. A vGround is an all-software virtual environment dynamically instantiated on top of a physical infrastructure to accommodate realistic end-hosts and network entities, all realized as virtual machines (VMs) and confined via virtual networks (VNs). The salient features of vGround include (1) high fidelity, supporting real worm code exploiting real vulnerable services; (2) strict confinement, making the real Internet totally invisible from inside a vGround; (3) high resource efficiency, providing an experiment with a scale magnitudes larger than the number of physical machines in the infrastructure; and (4) flexible and efficient worm experiment control, enabling fast (tens of seconds) and automatic instantiation, re-installation, and final tear-down of a vGround. To the best of our knowledge, this is the first software platform that supports fully virtualized worm playgrounds. Our experiments with real-world worms have successfully exposed their probing and propagation patterns, exploitation attempts, and malicious payloads, clearly demonstrating the research and education value of vGrounds.

02/07/2005

02/14/2005
- Presenter: Mohamed Yehia Shehab
- Title: Watermarking Relational Databases
- J. Kiernan, R. Agrawal, "Watermarking Relational Databases," Proc. 28th Int'l Conf. Very Large Databases (VLDB), 2002.
- Radu Sion, Mikhail Atallah, Sunil Prabhakar, "Rights Protection for Relational Data," IEEE Transactions on Knowledge and Data Engineering, Volume 16, Number 6, June 2004.

02/21/2005
- Presenter: Professor Eugene Spafford
- Title: PITAC Cyber Security Research Report
- Abstract:
The PITAC has spent nearly a year collecting data concerning cyber security funding by the US Government. A report to the President is in press and will be released within 2-3 weeks.
I will talk about the findings of the PITAC, the recommendations, and provide some speculation about what they may lead to given the current climate in Washington.
This is NOT a presentation on scientific results, but rather a presentation on the policy and politics involved in government funding and security preparedness.

02/28/2005
- Presenter: Jiangtao Li
- Title: Privacy-Enhancing Automated Trust Negotiation
- Abstract:
Exchange of attribute credentials is a means of establishing mutual trust between strangers that wish to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive credentials by using access control policies. When the credentials and access control policies are themselves sensitive, trust negotiation using existing ATN schemes either reveals too much private information about the participating entities or fails to complete. In this thesis, we focus on solutions to privacy-enhancing ATN.
To enable privacy-enhancing ATN, we propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a client Alice can use attribute values stored in an OACert obliviously, i.e., she obtains a service from the service provider Bob if and only if the attribute values satisfy Bob's policy, yet Bob learns nothing about these attribute values. Using OACerts, we develop a policy-hiding access control scheme that protects both sensitive attribute values and sensitive policies. That is, Bob can decide whether Alice's certified attribute values satisfy Bob's policy, without Bob learning any other information about Alice's attribute values or Alice learning Bob's policy. We are currently investigating how to formally integrate OACerts and various cryptographic methods into the existing ATN work. Our proposed privacy-enhancing ATN scheme uses RT_1, a role-based trust management language that supports parameterized roles and fields, and an extended version of the trust target graph protocol.
In another approach, we use hidden credentials, which are ideal for protecting possession-sensitive attributes such as a secret-agent attribute or a terminally-ill attribute. As a first step, we consider the model where access to Bob's resource depends on Alice's credentials only. We develop a protocol such that Alice gets the resource from Bob only if she satisfies Bob's policy, Bob does not learn anything about Alice's credentials (not even whether Alice got access or not), and Alice learns neither Bob's policy structure nor which credentials caused her to gain access. We now extend our model such that each credential is governed by an access control policy, and both Alice and Bob input their credentials and the corresponding access control policies. We plan to develop a protocol such that Alice and Bob can decide in a privacy-preserving manner whether Alice can successfully negotiate trust with Bob; that is, whether there exists a sequence of credential disclosures such that in the end the requested resource is granted and all policies for the disclosed credentials are satisfied.

03/07/2005
- Presenter: Bhagyalaxmi Bethala
- Title: Internet Quarantine
- Abstract:
Internet Quarantine: Requirements for Containing Self-Propagating Code. David Moore, Colleen Shannon, Geoffrey M. Voelker, and Stefan Savage. INFOCOM 2003.
It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homogeneous security vulnerabilities. However, the last few years have seen a dramatic increase in the frequency and virulence of such "worm" outbreaks. For example, the Code-Red worm epidemics of 2001 infected hundreds of thousands of Internet hosts in a very short period, incurring enormous operational expense to track down, contain, and repair each infected machine. In response to this threat, there is considerable effort focused on developing technical means for detecting and containing worm infections before they can cause such damage.
This paper does not propose a particular technology to address this problem, but instead focuses on a more basic question: How well will any such approach contain a worm epidemic on the Internet? We describe the design space of worm containment systems using three key parameters: reaction time, containment strategy and deployment scenario. Using a combination of analytic modeling and simulation, we describe how each of these design factors impacts the dynamics of a worm epidemic and, conversely, the minimum engineering requirements necessary to contain the spread of a given worm. While our analysis cannot provide definitive guidance for engineering defenses against all future threats, we demonstrate the lower bounds that any such system must exceed to be useful today. Unfortunately, our results suggest that there are significant technological and administrative gaps to be bridged before an effective defense can be provided in today's Internet.

03/21/2005

03/28/2005
- Presenter: Jacques Daniel Thomas
- Abstract: This will be a report of what went on at the 1st SELinux Symposium. The website of the symposium is: www.selinux-symposium.org. The slides of the talks are available under the "Agenda" section.

04/04/2005
- Presenter: Jing Dong
- Title: Authenticated Dictionaries
- Abstract:
"Efficient Authenticated Dictionaries with Skip Lists and Commutative Hashing"
"Persistent Authenticated Dictionaries and Their Applications"
An authenticated dictionary is a data type that allows the user to make queries of the type "is element e in set S?" and get an authenticated answer. A persistent authenticated dictionary is an authenticated dictionary that also keeps track of the history of the set S, so it allows the user to make queries of the type "was element e in set S at time t?" and get authenticated answers. I will discuss the applications of authenticated dictionaries and persistent authenticated dictionaries and their implementation with skip lists.

04/11/2005

04/18/2005
- Presenter: Yunhua Koglin
- Title: An Update Protocol for XML Documents in Distributed and Cooperative Systems
- Abstract:
Securing data is becoming a crucial need for most Internet-based applications. Whereas the problem of data confidentiality has been widely investigated, the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies has so far not been deeply investigated. In this paper, we propose an approach supporting parallel and distributed secure updates to XML documents. The approach, based on the use of a security region-object parallel flow (S-RPF) graph protocol, is particularly suited for all environments requiring cooperative updates to XML documents. It allows different users to simultaneously update different portions of the same document, according to the specified access control policies. Additionally, it supports a decentralized management of update operations, in that a subject can exercise its privileges and verify the correctness of the operations performed so far on the document without interacting, in most cases, with the document server.

04/25/2005