Jefferson's Wheel

UVa Today has a story about our secure computation project: U.Va. Team Awarded $3 Million NSF Secure Computation Grant, Fariss Samarrai, UVa Today, 14 October 2011.

Photo: Cole Geddy

“Secure computation is the idea that you can have two people compute a function that depends on things that each one knows individually and wants to keep private without exposing their private data to the other person, or to anyone else,” Evans said.

The research has applications in everyday life, from private medical information, such as personal genomics, to privacy-preserving face recognition and electronic commerce.

As a simple example of how it works, consider two people who each have smartphones with personal address books. They would like to know if they know any of the same people by comparing their address books. But, they may not want to share their address books, which include potentially sensitive private information. So how can they find the common entries, without revealing anything about their other contacts?

Read More …

Yikan Chen presented his work on Auditing Information Leakage for Distance Metrics at the Third IEEE Conference on Privacy, Security, Risk and Trust today.

The slides are here: [PPTX] [PDF]

Here are the slides from my talk in cs6190, our seminar for new graduate students: [PPTX] [PDF]

Links from the talk:

• //www.mightbeevil.com — secure computation with garbled circuits
• CommonContacts Android Secure Computation Demo
• Research group mailing list
• Publications

Computers will make the world of tomorrow a much safer place. They will do away with cash, so that you need no longer fear being attacked for your money. In addition, you need not worry that your home will be burgled or your car stolen. The computers in your home and car will guard them, allowing only yourself to enter or someone with your permission.

From World of Tomorrow — School, Work and Play, by Neil Ardley, 1981. (Scanned by David Gagnon. Hat tip: Ian Finder, University of Washington)

Yuchen Zhou presented Protecting Private Web Content from Embedded Scripts at ESORICS in Belgium.

His talk slides are here: [PPTX] [PDF]

Today (August 30th) we are hosting the Kickoff Meeting for our new NSF-funded 5-year project, Practical Secure Two-Party Computation: Techniques, Tools, and Applications. This is a collaborative research project with abhi shelat and Aaron Mackey at UVa, Michael Hicks and Jonathan Katz at the University of Maryland, and Steven Myers at Indiana University. The goal of the project is to make privacy-preserving computation practical and accessible enough to be used routinely in applications such as personalized genetics, medical research, and privacy-preserving biometrics. For more, see //securecomputation.org.

The Computer Science department has moved into Rice Hall, our beautiful new building next to our former home in Olsson Hall.

Here are some pictures of the lab space for the Secure Research Group in Rice 442:

Yikan Chen and I are releasing a paper today on Auditing Information Leakage for Distance Metrics. The paper is a first step towards the goal of developing self-auditing secure computations that can determine when the output of a secure computation would leak too much information to be safe to release. Yikan will present the paper at the Third IEEE Conference on Privacy, Security, Risk and Trust in Boston, 9-11 October 2011.

Abstract. Many useful scenarios involve allowing untrusted users to run queries against secret data, so long as the results do not leak too much information. This problem has been studied widely for statistical queries, but not for queries with more direct semantics. In this paper, we consider the problem of auditing queries where the result is a distance metric between the query input and some secret data. We develop an efficient technique for estimating a lower bound on the entropy remaining after a series of query-responses that applies to a class of distance functions including Hamming distance. We also present a technique for ensuring that no individual bits of the secret sequence is leaked. In this paper, we formalize the information leakage problem, describe our design for a query auditor, and report on experiments showing the feasibility and effectiveness of our approach for sensitive sequences up to thousands of bits.

Full paper: [PDF, 10 pages]

Muzzammil Zaveri (BACS 2011), who worked in our group 2010-2011, and Ethan Fast (BACS 2011) have launched a new company, Proxino, that provides developers with a way of finding bugs in their site’s JavaScript code, as well as optimizing the loading and performance of scripts. Ethan and Muzzammil were funded by Y Combinator, starting in Summer 2011 (right after finishing their BACS degrees). Here’s an article about Proxino:
YC-Funded Proxino: Automated Error Reporting For Your Client-Side JavaScript, TechCrunch, 22 August 2011.

While he was a student here, Muzzammil worked on the GuardRails secure web application framework. Ethan worked in Westley Weimer‘s group on automated program repair.

Videos from all the talks at USENIX Security are now available on the conference site.

Here are the talks by UVa people:

• Peter Chapman (HotSec Workshop): Privacy-Preserving Applications on Smartphones and Q & A (extensive discussion session, including the other two talks in the session)
• Pieter Hooimeijer: Fast and Precise Sanitizer Analysis with BEK
• Adrienne Porter Felt (now at UC Berkeley): Permission Re-Delegation: Attacks and Defenses
• Michael Dietz (now at Rice University): QUIRE: Lightweight Provenance for Smart Phone Operating Systems
• Yan Huang: Faster Secure Two-Party Computation Using Garbled Circuits

I would also highly recommend Collin Jackson’s invited talk on Crossing the Chasm: Pitching Security Research to Mainstream Browser Vendors.