| TECHNICAL SESSIONS Wednesday, August 3 | Thursday, August 4 | Friday, August 5 | |
Keynote Address
Computer Security in the Real World
Butler W. Lampson,Microsoft and MIT  Listen in MP3 format
After thirty years of work on computer security, why are almost all the systems in service today extremely vulnerable to attack? The main reason is that security is expensive to set up and a nuisance to run, so people judge from experience how little of it they can get away with. Since there's been little damage, people decide that they don't need much security. In addition, setting it up is so complicated that it's hardly ever done right. While we await a catastrophe, simpler setup is the most important step toward better security.In a distributed system with no central management like the Internet, security requires a clear story about who is trusted for each step in establishing it, and why. The basic tool for telling this story is the "speaks for" relation between principals that describes how authority is delegated, that is, who trusts whom. The idea is simple, and it explains what's going on in any system I know, although the many different ways of encoding this relation often make it hard to see the underlying order. | |  | | | | REFEREED PAPERS
Session Chair: Adrian Perrig,Carnegie Mellon University
Security Analysis of a Cryptographically-Enabled RFID Device
Steve Bono, Matthew Green, and Adam Stubblefield,Johns Hopkins University; Ari Juels,RSA Laboratories; Avi Rubin,Johns Hopkins University; Michael Szydlo,RSA Laboratories
Stronger Password Authentication Using Browser Extensions
Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John C Mitchell,Stanford University Cryptographic Voting Protocols: A Systems Perspective
Chris Karlof, Naveen Sastry, David Wagner,University of California, Berkeley | INVITED TALKS
Ben Shneiderman,University of Maryland
Listen in MP3 format Creating a more secure computing and communications environment requires cooperation among many disciplines. Human-computer interaction (HCI) researchers can contribute by participating in user interface design for system managers and every level of users. The standard HCI processes could clarify the currently confusing array of features that overwhelms many users and leads to errors or frustration. First steps would include clear task analysis and a hierarchical decomposition of objects and actions that enable users to develop a meaningful mental model tied to their needs, rather than the intricacies of system architecture. Then carefully chosen evaluation methods could assess interface designs during development and usage. A second HCI contribution might be tied to information visualization tools to enable system managers to better monitor activity, detect attacks, and trace attackers. Temporal pattern search, network traffic analysis, and hierarchical clustering tools are potential contributions.
This talk includes a proposed graphic user interface,FORTS(File-sharing Onweb with Realistic Tailorable Security), for specifyingand monitoring security/privacy status. This interface is meant to bemulti-layered to allow users to choose the level of complexity andprotection they need. Based on a fortress model, FORTS shows moresecure areas deeper in the fort, and multiple gates to allowincoming/outgoing traffic with comprehensible activity logs. | | | | | | REFEREED PAPERS
Moderator: Niels Provos,Google
Panelists: Drew Dean,SRI International;Carl Ellison,Microsoft;Daniel Weitzner,World Wide Web Consortium | INVITED TALKS
Douglas Maughan,DHS, HSARPA
Listen in MP3 format This presentation will provide an overview of the recently createdDepartment of Homeland Security, its Science and Technology Directorate,and some of the research initiatives started in the Department. Many ofthese initiatives provide examples where networking, security, andpolicy come together in interesting ways as the Department works withcritical infrastructure providers to secure the nation'sinfrastructures. This presentation will explore these issues and providean opportunity for an open discussion surrounding the various homelandsecurity applications. | | | | | | REFEREED PAPERS
Session Chair: Angelos Keromytis,Columbia University
Empirical Study of Tolerating Denial-of-Service Attacks with a ProxyNetwork
Ju Wang, Xin Liu, and Andrew A. Chien,University of California, San Diego Robust TCP Stream Reassembly in the Presence of Adversaries
Sarang Dharmapurikar,Washington University; Vern Paxson,International Computer Science Institute, Berkeley Countering Targeted File Attacks Using LocationGuard
Mudhakar Srivatsa and Ling Liu,Georgia Institute of Technology | INVITED TALKS
Avi Rubin,Johns Hopkins University
In July 2003, my research team published an analysis of Diebold's Accuvote TS and TSX voting machines, which were used in public elections all over the United States. We found serious security flaws in the machines, and a general lack of understanding of software and computer systems. Since then, the debate around electronic voting has intensified. In the two years since we published that report, I have become very involved in the issue at a national and local level, going so far as to become an election judge in Baltimore County. Maryland is one of the battleground states with respect to e-voting. In this talk, I will review the security issues around e-voting and voting procedures and will provide an update on where things stand in my state and at the federal level. | | | Wednesday, August 3 | Thursday, August 4 | Friday, August 5 | | | | REFEREED PAPERS
Session Chair: Adam Stubblefield,Johns Hopkins University
An Architecture for Generating Semantic Aware Signatures
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, and Somesh Jha,University of Wisconsin, Madison MulVAL: A Logic-based Network Security Analyzer
Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel,Princeton University Detecting Targeted Attacks Using Shadow Honeypots
K. G. Anagnostakis,University of Pennsylvania; S. Sidiroglou,Columbia University; P. Akritidis, K. Xinidis, and E. Markatos,Institute of Computer Science—FORTH; A. D. Keromytis,Columbia University | INVITED TALKS
Pradeep K. Khosla,CyLab
This presentation will provide an overview of the research in CyLab. CyLab is a university-wide multidisciplinary research center with the goal of combining technology, business, and policy to impact industry. In addition, CyLab has a strategic interest in outreach and awareness for the masses. Toward achieving this goal, it is developing innovative games and curricula. This talk will provide an overview of some the research projects in CyLab and will also describe our strategy. | | | | | | REFEREED PAPERS
Panelists: Abe Singer,San Diego Supercomputer Center;Bill Cheswick,Lumeta Corp.;Paul Ohm,U.S. Department of Justice; Michael Scher,SecurityTechnologist, Attorney, Anthropologist, Nexum, Inc.
It has become commonplace at some computer conferences, especiallysecurity conferences, for someone to "sniff" the network—monitor otherusers' communications. Often this is for the purpose of interceptingusernames and passwords transmitted in cleartext, sometimes publiclyposting the information found. The person sniffing may or may not beofficially affiliated with the conference, and the activityis often condoned or approved by the conference organizers (although not by USENIX), and manyof the participants. But is such activity legal? It may very well not be, or only under verylimited circumstances. Who has standing to "permit" the activity, andwho is liable for the results? Aside from whether or not the activity is criminal, there is also theethical issue. Is sniffing a conference network the "right thing to do"?What example does it set? What message does it send? These issues have been highlighted by some heated complaints at recentUSENIX conferences. This panel will discuss these legal and ethical issues. | INVITED TALKS
Bill Arbaugh,University of Maryland
A lively and mostly healthy debate has focused on the trusted computing initiatives of several prominent vendors. Both sides of this debate have made some relevant and some not so relevant claims—not to mention a little fear, uncertainty, and doubt (FUD). In this talk, I will present the history of trusted computing from before the "Orange Book" to what we might see tomorrow. Along the way, I'll try to sort out the real technical and policy issues from the FUD. In the end, my hope is that you can make an informed decision on whether these initiatives are treacherous or trusted. | | | | | | REFEREED PAPERS
Session Chair: R. Sekar,Stony Brook University
Where's the FEEB? The Effectiveness of Instruction Set Randomization
Ana Nora Sovarel, David Evans, and Nathanael Paul,University of Virginia Automating Mimicry Attacks Using Static Binary Analysis
Christopher Kruegel and Engin Kirda,Technical University Vienna; Darren Mutz, William Robertson, and Giovanni Vigna,University of California, Santa Barbara Non-Control-Data Attacks Are Realistic Threats
Shuo Chen,University of Illinois at Urbana-Champaign; Jun Xu and Emre C. Sezer,North Carolina State University | INVITED TALKS
Dawson Engler,Stanford University
This talk will describe new dynamic bug-finding techniques that workwell on real code, our experiences with both static and dynamictechniques, and several widely held myths in the bug-finding community. | | | | | | REFEREED PAPERS
Session Chair: Niels Provos,Google
Mapping Internet Sensors with Probe Response Attacks
John Bethencourt, Jason Franklin, and Mary Vernon,University of Wisconsin, Madison
Vulnerabilities of Passive Internet Threat Monitors
Yoichi Shinoda,Japan Advanced Institute of Science and Technology; Ko Ikai,National Police Agency of Japan; Motomu Itoh,Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) On the Effectiveness of Distributed Worm Monitoring
Moheeb Abu Rajab, Fabian Monrose, and Andreas Terzis,Johns Hopkins University | INVITED TALKS
Greg Morrisett,Harvard University
Proof-carrying code was introduced by Necula and Lee as a technique for minimizing trusted code: instead of monitoring or analyzing code to see if it is trustworthy, we require that the code comes with a machine-checkable, mathematical proof that the code respects a desired security policy. In practice, checking the proof is easy when compared to constructing one, so the framework shifts the hard work from the code consumer to the code producer. Unfortunately, it doesn't eliminate the hard problem: how does a code producer construct the proof? Certifying compilers provide part of the answer: A certifying compiler takes as input high-level source code and a proof that the source code respects the policy, and then transforms the code and proof in parallel. In this fashion, it is able to automatically output the required proof at the machine-code level. For simple policies, such as memory-safety and type-safety, the proof can be automatically constructed at the source level, assuming we start with a type-safe source language. Unfortunately,most of the code that needs to be trustworthy is written in type-unsafe languages such as C or C++, so we need some way to realize proofs for these languages. Furthermore, we need support for security policies that go well beyond type-safety. I will survey some of the research that has been done, and that needs to be done to achieve these goals, so that we may one day realize the full potential of proof-carrying code. | | | Wednesday, August 3 | Thursday, August 4 | Friday, August 5 | | | | REFEREED PAPERS
Session Chair: Yoshi Khono,University of California, San Diego
Protecting Against Unexpected System Calls
C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, J. H. Hartman,University of Arizona Efficient Techniques for Comprehensive Protection from Memory Error Exploits
Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney,Stony Brook University Finding Security Vulnerabilities in Java Applications with Static Analysis
V. Benjamin Livshits and Monica S. Lam,Stanford University OPUS: Online Patches and Updates for Security
Gautam Altekar, Ilya Bagrak, Paul Burstein, and Andrew Schultz,University of California, Berkeley | INVITED TALKS
Peter Lee,Carnegie Mellon University
Since 1996 there has been tremendous progress in developing the idea of certified code, including both proof-carrying code (PCC) and typed assembly language (TAL). In a certified code framework, each program (which is usually in machine-code binary form) comes equipped with a certificate that "explains," both rigorously and in a manner that is easily validated, why it possesses a formally specified safety property. A substantial amount of the research work in this area has been directed towards the problem of how to make certified code a practical technology—what one might call "proof engineering." Thus, many of the advances have been in methods for representing the certificates in the most compact and efficiently checkable way. A considerable amount of effort has also gone into the development of prototype tools that explore how to handle realistic programs written in realistic languages. In this talk, I will start with a brief overview of the current state of these and other current concepts in certified code. Then I will consider a very different but equally practical question: Just what is it that we are trying to prove, especially if we want to be relevant to computer security? Today, certified code systems do not prove the semantic equivalence between source and target programs. Nor do they prove the absence of most kinds of trojan horses, covert channels, or race conditions. While the safety properties provided by current certified code systems are, in fact, of central importance to computer security, I will argue that there are potentially great opportunities in investigating an expansion of the kinds of properties that these systems reason about. | | | | | | REFEREED PAPERS
Session Chair: Somesh Jha,University of Wisconsin, Madison
Fixing Races for Fun and Profit: How to Abuse atime
Nikita Borisov, Rob Johnson, Naveen Sastry, and David Wagner,University of California, Berkeley Building an Application-aware IPsec Policy System
Heng Yin and Haining Wang,College of William and Mary Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation
Jim Chow, Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum,Stanford University | INVITED TALKS
Ben Laurie,The Bunker
I spend my life doing a dozen different things at once. So, rather than concentrate on one thing which might bore you, I would prefer to spark everyone's interest (at least occasionally) by talking about several of the things that have been distracting me recently. Included may or may not be: anonymous instant messaging, bolting capabilities onto existing languages, why packaging is bad for security, problems in DNSSEC and ruminations on writing an OpenPGP library. But since I'm writing this abstract in April and talking in August, there may be even more cool topics to discuss. | | | | |
|
|
Need help?Use our Contacts page.