Archive for March, 2007

CRCS Privacy & Security Lunch Seminar - Wed. March 21

Tuesday, March 20th, 2007

Speaker: Helen Wang, Microsoft Research
Date: Wednesday, 21 March
Time: talk 12-1, discussion 1-1:30 (lunch provided)
Place: Maxwell Dworkin 119

Helen J. Wang is a researcher from Microsoft Research, Redmond.
She has been leading the Shield research project (http://research.microsoft.com/research/shield/), which encompasses a number of projects in the area of malware defense and web security. Her current research interests are in system security. Helen received her Ph.D. from the Computer Science department in 2001.

Abstract:

In this talk, I will present several of our research efforts in the theme of vulnerability-driven filtering.

Shield was proposed as a patch alternative or intermediary addressing the deployment problem of patches. Instead of patching software binary, Shield patches the network input of vulnerable applications. Shield utilizes a generic protocol analyzer and a domain-specific protocol specification language for analyzing network traffic and specifying and enforcing vulnerability signatures. This work was published at ACM SIGCOMM 2004.

In the BrowserShield project, we take Shield’s vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in web pages, which has become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at run-time. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at run-time. The rewritten pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities. This work was published at Usenix OSDI 2006.

The rise of zero-day attacks motivated us to undertake the ShieldGen project and explore the possibilities of automatically generating Shield signatures (that were manually constructed in the past) for an observed zero-day attack instance. In ShieldGen, we leverage knowledge of the data format to generate new potential attack instances, probes, and use a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability; the feedback of the oracle guides our search for the vulnerability signature. Experimental results indicate that our signatures are free of false positives, but with a low rate of false negatives. This work will be published at IEEE Symposium on Security and Privacy 2007.
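To make the probe-and-oracle loop concrete, here is an added worked example, not ShieldGen's code. Everything in it is constructed: a toy "type|payload" wire format, a format specification saying which fields are enumerations and which are free bytes, and an oracle that stands in for the zero-day detector (it models a hypothetical handler that copies a DATA payload into a 64-byte buffer). Starting from one attack instance, the generator mutates each field, asks the oracle whether the mutant still exploits, and keeps only the constraints the oracle confirms, so the resulting signature matches no message the oracle would not have flagged.

```javascript
'use strict';

// Constructed toy format: a message is "<type>|<payload>".
function parse(msg) {
  const i = msg.indexOf('|');
  return { type: msg.slice(0, i), payload: msg.slice(i + 1) };
}
function serialize(f) { return `${f.type}|${f.payload}`; }

// Constructed format knowledge: alternatives for 'type', free bytes for 'payload'.
const spec = {
  type: { kind: 'enum', values: ['HELLO', 'DATA', 'BYE'] },
  payload: { kind: 'bytes' },
};

// Constructed stand-in for the zero-day detector: true if the instance would
// still trigger the hypothetical overflow (DATA payload longer than 64 bytes).
function oracle(msg) {
  const f = parse(msg);
  return f.type === 'DATA' && f.payload.length > 64;
}

// Derive a signature from one attack instance by probing the oracle.
function generateSignature(attackMsg, isExploit) {
  const base = parse(attackMsg);
  const sig = {};
  let probes = 0;
  const ask = (fields) => { probes++; return isExploit(serialize(fields)); };

  for (const [name, rule] of Object.entries(spec)) {
    if (rule.kind === 'enum') {
      // Keep exactly the alternatives that still exploit.
      sig[name] = { oneOf: rule.values.filter((v) => ask({ ...base, [name]: v })) };
      continue;
    }
    // Bytes field: does the content matter, or only the length?
    const filler = (n) => 'A'.repeat(n);
    const contentMatters = !ask({ ...base, [name]: filler(base[name].length) });
    if (contentMatters) { sig[name] = { equals: base[name] }; continue; }
    // Binary search for the smallest length that still exploits.
    let lo = 0, hi = base[name].length;        // invariant: lo is benign, hi exploits
    if (ask({ ...base, [name]: filler(lo) })) hi = lo;
    else while (hi - lo > 1) {
      const mid = (lo + hi) >> 1;
      if (ask({ ...base, [name]: filler(mid) })) hi = mid; else lo = mid;
    }
    sig[name] = { minLength: hi };
  }
  return { sig, probes };
}

// A message matches only if every derived constraint holds. Each constraint was
// confirmed by the oracle, so matches are exploits (no false positives); variants
// the probes never explored may be missed (false negatives).
function matches(sig, msg) {
  const f = parse(msg);
  return Object.entries(sig).every(([name, c]) => {
    if (c.oneOf) return c.oneOf.includes(f[name]);
    if (c.equals !== undefined) return f[name] === c.equals;
    return f[name].length >= c.minLength;
  });
}

// Constructed observed attack instance: a 200-byte DATA payload.
const attack = 'DATA|' + 'X'.repeat(200);
const { sig, probes } = generateSignature(attack, oracle);
console.log(JSON.stringify(sig), 'after', probes, 'probes');
```

With these inputs the search settles on `type` in {DATA} and `payload.length >= 65` after thirteen oracle queries, and the matcher then blocks a differently filled 100-byte DATA payload it never saw while passing short DATA messages and long non-DATA ones.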

CRCS Privacy & Security Lunch Seminar - Wed. March 14

Tuesday, March 13th, 2007

Speaker: Marco Pistoia, IBM Research
Date: Wednesday, 14 March
Time: talk 12-1, discussion 1-1:30 (lunch provided)
Place: Maxwell Dworkin 2nd floor lounge

Title: “Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model”

Abstract:
Modern component-based systems, such as Java and Microsoft .NET Common Language Runtime (CLR), have adopted Stack-Based Access Control (SBAC). Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action.

Previous literature has shown that the security model enforced by SBAC is flawed in that stack inspection may allow unauthorized code no longer on the stack to influence the execution of security-sensitive code. A different approach, History Based Access Control (HBAC), is safe but may prevent authorized code from executing a security-sensitive operation if less trusted code was previously executed. In this talk, we formally introduce Information-Based Access Control (IBAC), a novel security model that verifies that all and only the code responsible for a security-sensitive operation is sufficiently authorized. Given an access-control policy, we present a mechanism to extract from it an implicit integrity policy, and we prove that IBAC enforces both policies. Furthermore, we discuss large-scale application code scenarios to which IBAC can be successfully applied.
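The contrast between the three models in the abstract can be seen in a small simulation. The code below is an added example, not the speakers' formalism or any runtime's real implementation: it models a stack of principals, a history of everything that has executed, and values labelled with the principals that produced them, then judges one file write under each model. The principals, their permissions and the two scenarios are constructed. The IBAC branch is a simplification of the paper's idea (the code on the stack plus the code whose data flowed into the operation is what must be authorized).

```javascript
'use strict';

// Constructed principals: the application may write files, the plugin may not.
const permissions = {
  app: new Set(['file.write']),
  plugin: new Set(),
};

// A tiny runtime recording the call stack, the history of executed code units,
// and the provenance of values, so the three checks can be compared directly.
function makeRuntime(model) {
  const stack = [];
  const history = new Set();

  // Run fn on behalf of a principal, as if entering a frame of that code unit.
  function call(principal, fn, ...args) {
    stack.push(principal);
    history.add(principal);
    try { return fn(...args); } finally { stack.pop(); }
  }

  // A value produced now is labelled with every principal currently on the stack.
  function produce(value) { return { value, labels: new Set(stack) }; }

  // Which principals must hold the permission for this operation?
  function responsible(inputs) {
    if (model === 'SBAC') return new Set(stack);        // only what is on the stack now
    if (model === 'HBAC') return new Set(history);      // everything that ever ran
    const r = new Set(stack);                           // IBAC: stack plus data provenance
    for (const v of inputs) for (const l of v.labels) r.add(l);
    return r;
  }

  // The security-sensitive operation, guarded by the chosen model.
  function writeFile(pathValue) {
    for (const p of responsible([pathValue])) {
      if (!permissions[p].has('file.write')) throw new Error(`${model}: ${p} lacks file.write`);
    }
    return `wrote ${pathValue.value}`;
  }
  return { call, produce, writeFile };
}

function outcome(fn) { try { fn(); return 'allowed'; } catch (e) { return 'denied'; } }

// Two scenarios the three models judge differently.
function runScenarios(model) {
  // 1: the plugin chooses the path and returns it; by the time the app writes,
  //    the plugin is no longer on the stack but it decided where the write goes.
  const rt1 = makeRuntime(model);
  const s1 = outcome(() => rt1.call('app', () => {
    const path = rt1.call('plugin', () => rt1.produce('/etc/passwd'));
    return rt1.writeFile(path);
  }));
  // 2: the plugin ran earlier but contributed nothing to the write.
  const rt2 = makeRuntime(model);
  const s2 = outcome(() => rt2.call('app', () => {
    rt2.call('plugin', () => 'unrelated work');
    return rt2.writeFile(rt2.produce('/tmp/app.log'));
  }));
  return { s1, s2 };
}

for (const model of ['SBAC', 'HBAC', 'IBAC']) console.log(model, runScenarios(model));
```

SBAC allows both writes, including the one whose path an unauthorized plugin chose; HBAC denies both, including the harmless second one; only the provenance-aware check denies the first and allows the second, which is the "all and only the code responsible" property the abstract claims for IBAC.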

This is joint work with Anindya Banerjee (Kansas State University) and David Naumann (Stevens Institute of Technology).

BIO
Dr. Marco Pistoia has worked for IBM Corporation since January 1996 and is currently a Research Staff Member in the Programming Languages and Software Engineering Department at the IBM Thomas J. Watson Research Center in Hawthorne, New York. He has written ten books, filed sixteen patents, and published numerous papers and journal articles on all areas of program analysis and language-based security.

CRCS Privacy & Security Lunch Seminar - Wed. March 7

Monday, March 5th, 2007

Speaker: Ivan Krstic, One Laptop per Child
Date: Wednesday, 7 March
Time: talk 12-1, discussion 1-1:30 (lunch provided)
Place: Maxwell Dworkin 119

Title: How do you secure 100 million laptops? A security model for the One Laptop per Child

Abstract:
One Laptop per Child (OLPC) is a non-profit organization aiming to redefine learning and education for the world’s children by providing each child with a specially-developed, innovative and low-cost laptop. More than 5 million laptops will reach children in developing countries this year, with another 50-100 million in the next two years. The scale of the deployment, the laptop’s unique hardware and software stacks, and a target user group as young as 6 all present some extremely difficult challenges in providing a secure user experience. We present Bitfrost, an integrated security platform for the OLPC XO laptop designed to address these challenges.
