Archive for the 'Conferences' Category

NYU-Poly AT&T Applied Security Paper Finalist

Thursday, October 27th, 2011

Yan Huang has been selected as a finalist for the NYU-Poly AT&T Best Applied Security Paper Award for the paper, Faster Secure Two-Party Computation Using Garbled Circuits (USENIX Security 2011, co-authored with David Evans, Jonathan Katz, and Lior Malka). The award recognizes the best paper on applied security in any venue between September 1, 2010 and August 31, 2011.

The award will be announced at a ceremony as part of the CSAW Cybersecurity Competition in New York on 11 November.

Peter Chapman’s CCS talk on Side-Channel Analysis (and Guinness!)

Thursday, October 20th, 2011


Peter Chapman presented our work on side-channel analysis for web applications at CCS yesterday. His slides are available here: [PPTX] [PDF].

The work provides an automated way to analyze a web application for side-channel vulnerabilities, as well as a better metric for quantifying those vulnerabilities (one that may have applications to many other areas where it is important to know how well states can be distinguished). It is described in more detail in this paper: Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications (and earlier post), but for the important connection to Guinness you need to view the slides. The tool is also freely available at http://www.cs.virginia.edu/sca/ (with a tutorial explaining how to use it!).

Auditing Information Leakage Talk

Tuesday, October 11th, 2011

Yikan Chen presented his work on Auditing Information Leakage for Distance Metrics at the Third IEEE Conference on Privacy, Security, Risk and Trust today.

The slides are here: [PPTX] [PDF]



USENIX Security Videos

Sunday, August 21st, 2011

Videos from all the talks at USENIX Security are now available on the conference site.

Here are the talks by UVa people:

I would also highly recommend Collin Jackson’s invited talk on Crossing the Chasm: Pitching Security Research to Mainstream Browser Vendors.

Faster Secure Two-Party Computation Using Garbled Circuits Talk

Sunday, August 14th, 2011

Yan Huang’s talk on Faster Secure Two-Party Computation Using Garbled Circuits at USENIX Security 2011 is now available: [PPTX] [PDF].

You can also download our framework and try our Android demo application.



Hoos At USENIX

Sunday, August 14th, 2011



University of Virginia people at USENIX Security in Union Square
San Francisco, 10 August 2011

Front row (left-to-right):

  • Joseph Calandrino (UVa BS Math with CS 2004, UVa MCS 2005, soon to finish a PhD at Princeton).
  • Erika Chin (UVa BSCS 2007, now a PhD student at UC Berkeley)
  • Michael Dietz (UVa BSCS 2008, now a PhD student at Rice University)
  • Jiamin Chen (finishing a UVa BACS in 2012, currently an undergraduate researcher on secure computation)
  • Brittany Harris (finishing a UVa BACS in 2013, currently an undergraduate researcher on secure computation)
  • Sang Koo (finishing UVa BSCS and BSCpE in 2013, currently an undergraduate researcher on mobile secure computation)
  • Yuchen Zhou (currently a PhD student in Computer Engineering at UVa, working on web security)
  • Yikan Chen (currently a PhD student in Computer Engineering at UVa, working on auditing information leakage)
  • Pieter Hooimeijer (nearly finished PhD student at UVa, working in Westley Weimer’s group on programming languages and security)

Back row:

  • Nate Paul (UVa PhD 2008, now an Associate Professor at the University of Tennessee, with a joint appointment at Oak Ridge National Labs)
  • Nicholas Christin (UVa PhD 2003, now faculty at CMU Cylab)
  • Adrienne Porter Felt (UVa BSCS 2008, now PhD student at UC Berkeley)
  • Samee Zahur (currently a PhD student in Computer Science at UVa, working on improving secure computations using partial evaluation)
  • Austin DeVinney (visiting researcher at UVa, completing a BSCS at Radford University in 2012)
  • Yan Huang (currently a PhD student at UVa, working on secure computation)

UVa students book-ended the symposium, with Pieter presenting the first paper (Fast and Precise Sanitizer Analysis with BEK), and Yan presenting the last paper (Faster Secure Two-Party Computation Using Garbled Circuits). Adrienne Felt (Permission Re-Delegation: Attacks and Defenses) and Michael Dietz (Quire: Lightweight Provenance for Smart Phone Operating Systems) also presented papers in a session that I was privileged to chair. Erika Chin, Joseph Calandrino, and Nicholas Christin were also co-authors of papers, and Austin, Brittany, Jiamin, Samee, Yan, and Yuchen also presented posters. Peter Chapman (BACS 2012) also presented a paper at HotSec, but wasn’t able to stay for the rest of the symposium.



Side-Channel Analysis Paper

Sunday, August 14th, 2011

Our paper on side-channel analysis of web applications is now available:

Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 17-21 October 2011. [PDF, 12 pages]

The paper describes a black-box tool for detecting side-channel vulnerabilities by analyzing network traffic over repeated crawls of a web application. Our tool quantifies the severity of side-channel leaks in a web application, and gives web application developers a measure of the risk of information leakage against different types of adversaries. The frequent and highly dynamic client-server communication that is characteristic of modern web applications leaves them vulnerable to side-channel leaks where an adversary can learn about the state of the application and visitor’s choices, even over encrypted connections. Our approach provides a new way to quantify the severity of these vulnerabilities based on analyzing the results of traces of the web traffic using the Fisher criterion.


System Overview

Peter will present the paper at CCS in Chicago in October.

Project Site

USENIX Security Posters

Sunday, August 14th, 2011

Several of our students presented posters at the USENIX Security Symposium Poster Session.


Sang Koo (with Yan Huang and Peter Chapman)
More Efficient Secure Computation on Smartphones

 

Brittany Harris and Jiamin Chen
Secure Computation with Neural Networks



Austin DeVinney and Yuchen Zhou
(with Jonathan Burket, Jenny Cha, and Casey Mihaloew)
Unifying Data Policies across the Server and Client

 
Samee Zahur
Exploiting Public Inputs to Optimize Circuits Used in Secure Computation Protocols

HotSec 2011

Tuesday, August 9th, 2011

Peter Chapman presented our paper on Privacy-Preserving Applications on Smartphones at the 6th USENIX Workshop on Hot Topics in Security today. Here are the talk slides [PDF].

The CommonContacts demonstration app is now available in the Android Market.

Project Website



Private Editing Talk

Friday, June 24th, 2011

Yan Huang presented Private Editing Using Untrusted Cloud Services at the Second International Workshop on Security and Privacy in Cloud Computing in Minneapolis this morning.

Here are the slides from his talk: [PPTX, PDF].
The full paper is also available: [PDF, 10 pages].